last sync: 2021-Jul-23 16:37:57 UTC

Azure Policy definition

Private endpoint should be enabled for IoT Hub

Name Private endpoint should be enabled for IoT Hub
Id 0d40b058-9f95-4a19-93e3-9b0330baa2a3
Version 1.0.0
Category Internet of Things
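Description Private endpoint connections enforce secure communication by enabling private connectivity to IoT Hub. Configure a private endpoint connection to enable access to traffic coming only from known networks and prevent access from all other IP addresses, including within Azure.
Scope of the check: the policy rule shown in the JSON below only counts private endpoint connections whose privateLinkServiceConnectionState.status is "Approved" and flags an IoT Hub that has none. It does not evaluate any other property of the hub, so a compliant result shows that an approved private endpoint exists, not that access from other networks is actually blocked; the hub's public network access setting has to be verified separately.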
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
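Effect Default: Audit
Allowed: (Audit, Disabled)
Neither allowed value blocks a deployment: Audit only reports an IoT Hub without an approved private endpoint connection as non-compliant, and Disabled turns the evaluation off.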
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-02 15:11:40 add 0d40b058-9f95-4a19-93e3-9b0330baa2a3
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Private endpoint should be enabled for IoT Hub",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Private endpoint connections enforce secure communication by enabling private connectivity to IoT Hub. Configure a private endpoint connection to enable access to traffic coming only from known networks and prevent access from all other IP addresses, including within Azure.",
    "metadata": {
      "version": "1.0.0",
      "category": "Internet of Things"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Devices/IotHubs"
          },
          {
            "count": {
            "field": "Microsoft.Devices/IotHubs/privateEndpointConnections[*]",
              "where": {
              "field": "Microsoft.Devices/IotHubs/privateEndpointConnections[*].privateLinkServiceConnectionState.status",
                "equals": "Approved"
              }
            },
            "less": 1
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/0d40b058-9f95-4a19-93e3-9b0330baa2a3",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "0d40b058-9f95-4a19-93e3-9b0330baa2a3"
}