AzPolicyAdvertizer

last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

Modify - Configure Azure File Sync to disable public network access

Name Modify - Configure Azure File Sync to disable public network access
Azure Portal

Id 0e07b2e9-6cd9-4c40-9ccb-52817b95133b

Version 1.0.0
details on versioning

Category Storage
Microsoft docs

Description The Azure File Sync's internet-accessible public endpoint are disabled by your organizational policy. You may still access the Storage Sync Service via its private endpoint(s).

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Modify
Allowed: (Modify, Disabled)

Used RBAC Role

Role Name	Role Id
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-03-02 15:11:40	add	0e07b2e9-6cd9-4c40-9ccb-52817b95133b

Used in Initiatives none

JSON

{
  "properties": {
    "displayName": "Modify - Configure Azure File Sync to disable public network access",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "The Azure File Sync's internet-accessible public endpoint are disabled by your organizational policy. You may still access the Storage Sync Service via its private endpoint(s).",
    "metadata": {
      "version": "1.0.0",
      "category": "Storage"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Modify",
          "Disabled"
        ],
        "defaultValue": "Modify"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.StorageSync/storageSyncServices"
          },
          {
            "field": "Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy",
            "notEquals": "AllowVirtualNetworksOnly"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "conflictEffect": "Audit",
          "operations": [
            {
            "condition": "[greater(requestContext().apiVersion, '2019-10-01')]",
              "operation": "addOrReplace",
              "field": "Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy",
              "value": "AllowVirtualNetworksOnly"
            }
          ]
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "0e07b2e9-6cd9-4c40-9ccb-52817b95133b"
}