last sync: 2020-Sep-25 13:37:27 UTC

Azure Policy

[Deprecated]: Web ports should be restricted on Network Security Groups associated to your VM

Policy DisplayName [Deprecated]: Web ports should be restricted on Network Security Groups associated to your VM
Policy Id 201ea587-7c90-41c3-910f-c280ae01cfd6
Policy Category Security Center
Policy Description Azure security center has discovered that some of your virtual machines are running web applications, and the NSGs associated to these virtual machines are overly permissive with regards to the web application ports
Policy Mode All
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated True
Policy Effect Default: Disabled
Allowed: (AuditIfNotExists,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-02-20 08:25:18 change: DisplayName previous DisplayName: Web ports should be restricted on Network Security Groups associated to your VM
2020-01-10 16:39:23 change: DisplayName previous DisplayName: The NSGs rules for web applications on IaaS should be hardened
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
  "displayName": "[Deprecated]: Web ports should be restricted on Network Security Groups associated to your VM",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Azure security center has discovered that some of your virtual machines are running web applications, and the NSGs associated to these virtual machines are overly permissive with regards to the web application ports",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Security Center",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "in": [
          "Microsoft.Compute/virtualMachines",
          "Microsoft.ClassicCompute/virtualMachines"
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/complianceResults",
          "name": "unprotectedWebApplication",
          "existenceCondition": {
            "field": "Microsoft.Security/complianceResults/resourceStatus",
            "in": [
              "OffByPolicy",
              "Healthy"
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "201ea587-7c90-41c3-910f-c280ae01cfd6"
}