New custom policies added in the June "What's New" update

[mwmeehan]

Just wondering if there is a recommendation on which management group these new custom policies should be assigned to that were in the June "What's New" update. Thank you!

Added new custom policies for (many thanks @jeetgarg):
Storage Accounts with custom domains assigned should be denied - Deny-StorageAccount-CustomDomain
File Services with insecure Kerberos ticket encryption should be denied - Deny-FileServices-InsecureKerberos
File Services with insecure SMB channel encryption should be denied - Deny-FileServices-InsecureSMBChannel
File Services with insecure SMB versions should be denied - Deny-FileServices-InsecureSMBVersions
File Services with insecure authentication methods should be denied - Deny-FileServices-InsecureAuth
'User Defined Routes with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway' should be denied'
'Storage Accounts with SFTP enabled should be denied'
'Subnets without Private Endpoint Network Policies enabled should be denied'

[jtracey93]

Hey @mwmeehan,

These are just definitions we provided for you to assign where you deem fit based on your hierarchy.

We do not assign these by default