Network 25539 IDPS Inspection is Enabled in Deny Mode on Azure Firewall #862

Open
komalp2025 wants to merge 5 commits into main from Network-25539

komalp2025 commented Feb 5, 2026

Worked on Meril's comment on previous PR, got messed up during rebase. Here are the details below.
[image]

Copilot AI left a comment

Pull request overview

This pull request adds a new test (ID 25539) to validate that Azure Firewall Premium policies have Intrusion Detection and Prevention System (IDPS) enabled in "Deny" mode. The test queries all subscriptions for Azure Firewall policies, checks Premium-tier policies for their IDPS configuration, and reports which policies pass or fail the check.

Changes:

  • Added Test-Assessment.25539.ps1 PowerShell script that implements the IDPS validation logic for Azure Firewall policies
  • Added Test-Assessment.25539.md documentation explaining the test purpose and remediation steps

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| src/powershell/tests/Test-Assessment.25539.ps1 | Implements test logic to enumerate Azure subscriptions, query firewall policies via REST API, check IDPS mode for Premium policies, and generate pass/fail report |
| src/powershell/tests/Test-Assessment.25539.md | Provides documentation on IDPS functionality, test behavior, and remediation guidance with Microsoft Learn reference |

komalp2025 and others added 3 commits February 5, 2026 14:17
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
alexandair left a comment

@komalp2025
Does the response to the initial Query 1 include the sku and intrusionDetection properties?
Recommendation: Check if $policies (from the first call) already contains the required data. If so, removing the inner loop and second API call will significantly speed up the test for customers with many policies.
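
The recommendation above, sketched as an added PowerShell example that is not part of this PR or the project's code: it evaluates the policy objects from the first (list) response directly and marks for a follow-up call only the items that lack `sku`. The sample JSON, the policy names and the `Get-IdpsVerdict` helper are constructed for illustration; `properties.sku.tier` and `properties.intrusionDetection.mode` follow the Azure Firewall Policy resource schema, and whether the real list response carries them is exactly what the question asks the author to confirm.

```powershell
# Added illustration; not the PR's Test-Assessment.25539.ps1.
# Constructed sample of a firewall-policy list response (policy names are placeholders).
$listResponse = @'
{ "value": [
  { "name": "fwpol-prod",  "properties": { "sku": { "tier": "Premium"  }, "intrusionDetection": { "mode": "Deny"  } } },
  { "name": "fwpol-dev",   "properties": { "sku": { "tier": "Premium"  }, "intrusionDetection": { "mode": "Alert" } } },
  { "name": "fwpol-noids", "properties": { "sku": { "tier": "Premium"  } } },
  { "name": "fwpol-std",   "properties": { "sku": { "tier": "Standard" } } },
  { "name": "fwpol-thin" }
] }
'@ | ConvertFrom-Json

function Get-IdpsVerdict {
    # Hypothetical helper: classifies one policy object taken from the list payload.
    param([Parameter(Mandatory)] $Policy)

    # Without strict mode, a missing property on the path yields $null instead of an error.
    $tier = $Policy.properties.sku.tier
    $mode = $Policy.properties.intrusionDetection.mode

    $verdict = if (-not $tier) {
        'NeedsDetail'      # assumption: no sku means the list item is incomplete
    } elseif ($tier -ne 'Premium') {
        'NotApplicable'    # the check only covers Premium-tier policies
    } elseif ($mode -eq 'Deny') {
        'Pass'
    } else {
        'Fail'             # Alert, Off, or no intrusionDetection block (assumed failing)
    }

    [pscustomobject]@{
        Policy  = $Policy.name
        Tier    = $tier
        Mode    = if ($mode) { $mode } else { '(not set)' }
        Verdict = $verdict
    }
}

$results = @($listResponse.value | ForEach-Object { Get-IdpsVerdict -Policy $_ })
$results | Format-Table -AutoSize

# Only these items would justify a second, per-policy request.
$needDetail = @($results | Where-Object Verdict -eq 'NeedsDetail')
'{0} of {1} policies need a follow-up GET' -f $needDetail.Count, $results.Count
```

With the constructed input, only `fwpol-thin` is marked `NeedsDetail`; the other four are classified from the list payload alone.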
