last sync: 2021-Jul-23 16:37:57 UTC

Azure Policy definition

Configure Data Factories to disable public network access

Name Configure Data Factories to disable public network access
Azure Portal
Id 08b1442b-7789-4130-8506-4f99a97226a7
Version 1.0.0
details on versioning
Category Data Factory
Microsoft docs
Description Disable public network access for your Data Factory so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/data-factory/data-factory-private-link.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Modify
Allowed: (Modify, Disabled)
Used RBAC Role
Role Name Role Id
Data Factory Contributor 673868aa-7521-48a0-acc6-0f60742d39f5
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-04-07 13:27:17 add 08b1442b-7789-4130-8506-4f99a97226a7
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Configure Data Factories to disable public network access",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disable public network access for your Data Factory so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/data-factory/data-factory-private-link.",
    "metadata": {
      "version": "1.0.0",
      "category": "Data Factory"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Modify",
          "Disabled"
        ],
        "defaultValue": "Modify"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DataFactory/factories"
          },
          {
            "field": "Microsoft.DataFactory/factories/publicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "conflictEffect": "audit",
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5"
          ],
          "operations": [
            {
            "condition": "[greaterOrEquals(requestContext().apiVersion, '2018-06-01')]",
              "operation": "addOrReplace",
              "field": "Microsoft.DataFactory/factories/publicNetworkAccess",
              "value": "Disabled"
            }
          ]
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "08b1442b-7789-4130-8506-4f99a97226a7"
}