last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

[Deprecated]: Web ports should be restricted on Network Security Groups associated to your VM

Name: [Deprecated]: Web ports should be restricted on Network Security Groups associated to your VM
Id: 201ea587-7c90-41c3-910f-c280ae01cfd6
Version: 1.0.0-deprecated
Category: Security Center
Description: Azure security center has discovered that some of your virtual machines are running web applications, and the NSGs associated to these virtual machines are overly permissive with regards to the web application ports
Mode: All
Type: BuiltIn
Preview: FALSE
Deprecated: True
Effect (default): Disabled
Effect (allowed): AuditIfNotExists, Disabled
Used RBAC Role: none
History
Date/Time (UTC ymd) | Change type | Change detail
2020-02-20 08:25:18 | change | Previous DisplayName: Web ports should be restricted on Network Security Groups associated to your VM
2020-01-10 16:39:23 | change | Previous DisplayName: The NSGs rules for web applications on IaaS should be hardened
Used in Initiatives: none
JSON
{
  "displayName": "[Deprecated]: Web ports should be restricted on Network Security Groups associated to your VM",
  "policyType": "BuiltIn",
  "mode": "All",
  "description": "Azure security center has discovered that some of your virtual machines are running web applications, and the NSGs associated to these virtual machines are overly permissive with regards to the web application ports",
  "metadata": {
    "version": "1.0.0-deprecated",
    "category": "Security Center",
    "deprecated": true
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "Disabled"
    }
  },
  "policyRule": {
    "if": {
      "field": "type",
      "in": [
        "Microsoft.Compute/virtualMachines",
        "Microsoft.ClassicCompute/virtualMachines"
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Security/complianceResults",
        "name": "unprotectedWebApplication",
        "existenceCondition": {
          "field": "Microsoft.Security/complianceResults/resourceStatus",
          "in": [
            "OffByPolicy",
            "Healthy"
          ]
        }
      }
    }
  }
}