Use built-in policy for Cosmos DB for Defender Plan (Azure#232)

* Use built-in policy for Cosmos DB for Defender Plan

* Add branch config

* Remove branch config

policy/custom/definitions/policyset/DefenderForCloud.bicep

@@ -9,11 +9,6 @@
 
 targetScope = 'managementGroup'
 
-@description('Management Group scope for the policy definition.')
-param policyDefinitionManagementGroupId string
-
-var customPolicyDefinitionMgScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
-
 resource ascAzureDefender 'Microsoft.Authorization/policySetDefinitions@2020-03-01' = {
   name: 'custom-enable-azure-defender'
   properties: {
@@ -173,8 +168,8 @@ resource ascAzureDefender 'Microsoft.Authorization/policySetDefinitions@2020-03-
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'DefenderForCloud-Deploy-DefenderPlan-CosmosDB')
-        policyDefinitionReferenceId: toLower(replace('Configure Microsoft Defender for Cosmos DB to be enabled', ' ', '-'))
+        policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542'
+        policyDefinitionReferenceId: toLower(replace('Configure Microsoft Defender for Azure Cosmos DB to be enabled', ' ', '-'))
         parameters: {}
       }
     ]

policy/custom/definitions/policyset/DefenderForCloud.parameters.json

@@ -1,9 +1,5 @@
 {
     "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
     "contentVersion": "1.0.0.0",
-    "parameters": {
-        "policyDefinitionManagementGroupId": {
-            "value": "{{var-topLevelManagementGroupName}}"
-        }
-    }
+    "parameters": {}
 }