AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

App Service Environment apps should not be reachable over public internet

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

App Service Environment apps should not be reachable over public internet

2d048aca-6479-4923-88f5-e2ac295d9af3

Version

3.0.0
Details on versioning

Category

App Service
Microsoft Learn

Description

To ensure apps deployed in an App Service Environment are not accessible over public internet, one should deploy App Service Environment with an IP address in virtual network. To set the IP address to a virtual network IP, the App Service Environment must be deployed with an internal load balancer.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Deny, Disabled

RBAC role(s)

none

Rule aliases

IF (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Web/HostingEnvironments/internalLoadBalancingMode	Microsoft.Web	hostingEnvironments	properties.internalLoadBalancingMode	True		False

Rule resource types

IF (1)
Microsoft.Web/hostingEnvironments

Compliance

Not a Compliance control

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
Audit Public Network Access	f1535064-3294-48fa-94e2-6e83095a5c08	SDN	GA	BuiltIn
Public network access should be disabled for PaaS services	Deny-PublicPaaSEndpoints	Network	GA	ALZ

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-10-14 16:34:37	change	Major (2.0.0 > 3.0.0)
2022-02-11 18:30:22	change	Major (1.0.0 > 2.0.0)
2021-06-22 14:29:30	add	2d048aca-6479-4923-88f5-e2ac295d9af3

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC