last sync: 2020-Aug-05 13:05:29 UTC

Azure Policy

VM Image Builder templates should use private link

Policy DisplayName VM Image Builder templates should use private link
Policy Id 2154edb9-244f-4741-9970-660785bccdaa
Policy Category VM Image Builder
Policy Description Audit VM Image Builder templates that do not have a virtual network configured. When a virtual network is not configured, a public IP is created and used instead which may expose resources directly to the internet and increase the potential attack surface.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: Audit
Allowed: (Audit,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-07-01 14:50:07 add: Policy 2154edb9-244f-4741-9970-660785bccdaa
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "VM Image Builder templates should use private link",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Audit VM Image Builder templates that do not have a virtual network configured. When a virtual network is not configured, a public IP is created and used instead which may expose resources directly to the internet and increase the potential attack surface.",
    "metadata": {
      "version": "1.0.0",
      "category": "VM Image Builder"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.VirtualMachineImages/imageTemplates"
          },
          {
            "field": "Microsoft.VirtualMachineImages/imageTemplates/vmProfile.vnetConfig",
            "exists": "false"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "2154edb9-244f-4741-9970-660785bccdaa"
}