fix: change policy mode of Audit-Tags-Mandatory from 'All' to 'Indexed'

[elKei24]

Overview/Summary

The policy Audit-Tags-Mandatory so far uses the mode All and therefore even applies to resources that do not support tags, and, unlike specified in the policy description, even to resource groups.

Changing the policy mode to Indexed is suggested in the documentation:

indexed should be used when creating policies that enforce tags or locations. While not required, it prevents resources that don't support tags and locations from showing up as non-compliant in the compliance results. The exception is resource groups and subscriptions. Policy definitions that enforce location or tags on a resource group or subscription should set mode to all and specifically target the Microsoft.Resources/subscriptions/resourceGroups or Microsoft.Resources/subscriptions type.

For resource groups, there already is the "sibling policy" Audit-Tags-Mandatory-Rg.

This PR fixes

1. Fixes the root problem of Audit for mandatory tags on resources should have excludeResourceTypes & excludeResourcegroupPattern Azure-Landing-Zones#207

Testing Evidence

Screenshots

Before

Honestly I don't understand why some role assignments were marked Compliant in the first place.

After

Testing URLs

Azure Public

Azure US Gov (Fairfax)

As part of this Pull Request I have

• Checked for duplicate Pull Requests
• Associated it with relevant issues, for tracking and closure.
• Ensured my code/branch is up-to-date with the latest changes in the main branch
• Performed testing and provided evidence.
• Ensured contribution guidance is followed.
• Updated relevant and associated documentation.
• Updated the "What's New?" wiki page (located: /docs/wiki/whats-new.md)