Handle new Defender managed assignments (#973)

sdecker · web-flow · commit a162fc13be2e · 2025-06-04T09:23:36.000+10:00
* Handle new Defender managed assignments 

Adding a new case to skip Defender Plan Managed policies.
Azure Defender for Cloud is creating new assignments for "Defender for SQL servers on Machines provisioning" that do not follow the expected description naming convention "This policy assignment was automatically created by"... so EPAC is trying to delete them.

* change from full string to starts with

Made the new entry a little more generic
diff --git a/Scripts/Helpers/Confirm-PacOwner.ps1 b/Scripts/Helpers/Confirm-PacOwner.ps1
@@ -32,7 +32,9 @@ function Confirm-PacOwner {
                         $ManagedByCounters.dfcSecurityPolicies += 1
                         return "managedByDfcSecurityPolicies"
                     }
-                    elseif ($description.StartsWith("This policy assignment was automatically created by ")) {
+                    elseif ($description.StartsWith("This policy assignment was automatically created by ") -or 
+                        $description.StartsWith("This initiative enables Defender ")
+                    ) {
                         $ManagedByCounters.dfcDefenderPlans += 1
                         return "managedByDfcDefenderPlans"
                     }

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,9 @@ function Confirm-PacOwner {`
`32`	`32`	`$ManagedByCounters.dfcSecurityPolicies += 1`
`33`	`33`	`return "managedByDfcSecurityPolicies"`
`34`	`34`	`}`
`35`		`- elseif ($description.StartsWith("This policy assignment was automatically created by ")) {`
	`35`	`+ elseif ($description.StartsWith("This policy assignment was automatically created by ") -or`
	`36`	`+ $description.StartsWith("This initiative enables Defender ")`
	`37`	`+ ) {`
`36`	`38`	`$ManagedByCounters.dfcDefenderPlans += 1`
`37`	`39`	`return "managedByDfcDefenderPlans"`
`38`	`40`	`}`