I have noticed that some built-in Azure policies use "Microsoft.Security/complianceResults" for auditing. For example, the "The NSGs rules for web applications on IaaS should be hardened" is using "unprotectedWebApplication" from "Microsoft.Security/complianceResults".
Where can I find the compliance rules available in "Microsoft.Security/complianceResults"?
Can I use this to define my own policy rules?
The only field aliases that I can find for compliance results is Microsoft.Security/complianceResults/resourceStatus. You can use that to check the resource status for the type compliance Results. To see the rules that I had, I used the vs code extension by policy because it breaks down the resources and you can see the alias. If you want to see all the available rules, it would be through Azure Security center.
