last sync: 2025-Jul-25 17:39:48 UTC

Deny Service Endpoints on Subnets Based on Naming Convention

Community Policy definition

Source Repository: Community-Policy (GitHub)
JSON: Community-Policy (GitHub)
Display name: Deny Service Endpoints on Subnets Based on Naming Convention
Id: 0baf3b25-fb0f-4160-842c-ace6e622feda
Version: 1.0.0
Category: Network
Description: This policy denies enabling service endpoints on subnets whose name contains the string you define in the policy. Because a PaaS firewall rule for a subnet requires the matching service endpoint, this also prevents PaaS resources such as Azure Storage from adding such a subnet to their firewall allow list.
Mode: All
Type: Custom Community
Effect: Default: Audit; Allowed: Deny, Audit, Disabled
RBAC role(s): none

Rule aliases IF (4):

Alias: Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*].service
  Namespace: Microsoft.Network; ResourceType: virtualNetworks/subnets; Path: properties.serviceEndpoints[*].service; PathIsDefault: True; DefaultPath: (none); Modifiable: True

Alias: Microsoft.Network/virtualNetworks/subnets[*]
  Namespace: Microsoft.Network; ResourceType: virtualNetworks; Path: properties.subnets[*]; PathIsDefault: True; DefaultPath: (none); Modifiable: False

Alias: Microsoft.Network/virtualNetworks/subnets[*].name
  Namespace: Microsoft.Network; ResourceType: virtualNetworks; Path: properties.subnets[*].name; PathIsDefault: True; DefaultPath: (none); Modifiable: False

Alias: Microsoft.Network/virtualNetworks/subnets[*].serviceEndpoints[*].service
  Namespace: Microsoft.Network; ResourceType: virtualNetworks; Path: properties.subnets[*].properties.serviceEndpoints[*].service; PathIsDefault: True; DefaultPath: (none); Modifiable: True

Rule resource types IF (2):
  Microsoft.Network/virtualNetworks
  Microsoft.Network/virtualNetworks/subnets