last sync: 2025-Jul-18 17:23:11 UTC

Service Endpoints on Subnets

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Display name Service Endpoints on Subnets
Id 2ad7cecd-e246-44fa-8215-b366d5781129
Version 1.0.0
Category Network
Description This Policy will deny/audit Service Endpoints on subnets. Service Endpoints allows the network traffic to bypass Network appliances, such as the Azure Firewall.
Mode All
Type Custom Community
Effect Default: Audit
Effect Allowed: Deny, Audit, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*] Microsoft.Network virtualNetworks/subnets properties.serviceEndpoints[*] True True
Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*].service Microsoft.Network virtualNetworks/subnets properties.serviceEndpoints[*].service True True
Rule resource types IF (1)
Microsoft.Network/virtualNetworks/subnets