last sync: 2024-Dec-11 20:29:09 UTC

App Service Environment apps should not be reachable over public internet

Azure BuiltIn Policy definition

Source Azure Portal
Display name App Service Environment apps should not be reachable over public internet
Id 2d048aca-6479-4923-88f5-e2ac295d9af3
Version 3.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
3.0.0
Built-in Versioning [Preview]
Category App Service
Microsoft Learn
Description To ensure apps deployed in an App Service Environment are not accessible over public internet, one should deploy App Service Environment with an IP address in virtual network. To set the IP address to a virtual network IP, the App Service Environment must be deployed with an internal load balancer.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Web/HostingEnvironments/internalLoadBalancingMode Microsoft.Web hostingEnvironments properties.internalLoadBalancingMode True False
Rule resource types IF (1)
Microsoft.Web/hostingEnvironments
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
Audit Public Network Access f1535064-3294-48fa-94e2-6e83095a5c08 SDN GA BuiltIn
Public network access should be disabled for PaaS services Deny-PublicPaaSEndpoints Network GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-10-14 16:34:37 change Major (2.0.0 > 3.0.0)
2022-02-11 18:30:22 change Major (1.0.0 > 2.0.0)
2021-06-22 14:29:30 add 2d048aca-6479-4923-88f5-e2ac295d9af3
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC