AzPolicyAdvertizer

last sync: 2021-Oct-25 16:02:14 UTC

Azure Policy definition

Modify - Configure Azure File Sync to disable public network access

Name Modify - Configure Azure File Sync to disable public network access
Azure Portal
Id 0e07b2e9-6cd9-4c40-9ccb-52817b95133b
Version 1.0.0
details on versioning
Category Storage
Microsoft docs
Description The Azure File Sync's internet-accessible public endpoint are disabled by your organizational policy. You may still access the Storage Sync Service via its private endpoint(s).
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Modify
Allowed: (Modify, Disabled)
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-02 15:11:40 add 0e07b2e9-6cd9-4c40-9ccb-52817b95133b
Used in Initiatives none
JSON 
{
  "displayName": "Modify - Configure Azure File Sync to disable public network access",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "The Azure File Sync's internet-accessible public endpoint are disabled by your organizational policy. You may still access the Storage Sync Service via its private endpoint(s).",
  "metadata": {
    "version": "1.0.0",
    "category": "Storage"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Modify",
        "Disabled"
      ],
      "defaultValue": "Modify"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.StorageSync/storageSyncServices"
        },
        {
          "field": "Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy",
          "notEquals": "AllowVirtualNetworksOnly"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
        ],
        "conflictEffect": "Audit",
        "operations": [
          {
            "condition": "[greater(requestContext().apiVersion, '2019-10-01')]",
            "operation": "addOrReplace",
            "field": "Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy",
            "value": "AllowVirtualNetworksOnly"
          }
        ]
      }
    }
  }
}