last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

Public network access should be disabled for Azure File Sync

Name Public network access should be disabled for Azure File Sync
Azure Portal
Id 21a8cd35-125e-4d13-b82d-2e19b7208bb7
Version 1.0.0
details on versioning
Category Storage
Microsoft docs
Description Disabling the public endpoint allows you to restrict access to your Storage Sync Service resource to requests destined to approved private endpoints on your organization's network. There is nothing inherently insecure about allowing requests to the public endpoint, however, you may wish to disable it to meet regulatory, legal, or organizational policy requirements. You can disable the public endpoint for a Storage Sync Service by setting the incomingTrafficPolicy of the resource to AllowVirtualNetworksOnly.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-02 15:11:40 add 21a8cd35-125e-4d13-b82d-2e19b7208bb7
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Public network access should be disabled for Azure File Sync",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disabling the public endpoint allows you to restrict access to your Storage Sync Service resource to requests destined to approved private endpoints on your organization's network. There is nothing inherently insecure about allowing requests to the public endpoint, however, you may wish to disable it to meet regulatory, legal, or organizational policy requirements. You can disable the public endpoint for a Storage Sync Service by setting the incomingTrafficPolicy of the resource to AllowVirtualNetworksOnly.",
    "metadata": {
      "version": "1.0.0",
      "category": "Storage"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.StorageSync/storageSyncServices"
          },
          {
            "field": "Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy",
            "notEquals": "AllowVirtualNetworksOnly"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "21a8cd35-125e-4d13-b82d-2e19b7208bb7"
}