Source | Repository: Community-Policy (GitHub); JSON: Community-Policy (GitHub)
Display name | Storage Accounts firewall IP rules may only contain IPs from a list of approved IPs
Id | 0eaf4df1-76b8-4278-9d73-5b4a6f122117
Version | 1.0.0
Category | Storage
Description | Storage Account firewalls can have IP rules. Typically we don't want to allow users to add any IP or range to the firewall; instead, we want only corporate public IP space to be allowed within the firewall. This Policy can detect whether an IP or range of IPs being added to the firewall on a storage account is within a list of IPs that you pass into this Policy.
Mode | Indexed
Type | Custom Community
Effect | Default: Audit; Allowed: Deny, Audit, Disabled
RBAC role(s) | none
Rule aliases | IF (1)
Rule resource types | IF (1): Microsoft.Storage/storageAccounts