last sync: 2020-Oct-30 14:31:57 UTC

Azure Policy definition

Web Application Firewall (WAF) should be enabled for Azure Front Door Service

Name Web Application Firewall (WAF) should be enabled for Azure Front Door Service
Azure Portal
Id 055aa869-bc98-4af8-bafc-23f1ab6ffe2c
Version 1.0.0
details on versioning
Category Network
Microsoft docs
Description Requires Web Application Firewall (WAF) on any Azure Front Door Service. A Web Application Firewall provides greater security for your other Azure resources.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-07-08 14:28:08 add 055aa869-bc98-4af8-bafc-23f1ab6ffe2c
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Web Application Firewall (WAF) should be enabled for Azure Front Door Service",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Requires Web Application Firewall (WAF) on any Azure Front Door Service. A Web Application Firewall provides greater security for your other Azure resources.",
    "metadata": {
      "version": "1.0.0",
      "category": "Network"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/frontdoors"
          },
          {
          "field": "Microsoft.Network/frontdoors/frontendEndpoints[*].webApplicationFirewallPolicyLink.id",
            "exists": "false"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "055aa869-bc98-4af8-bafc-23f1ab6ffe2c"
}