AzPolicyAdvertizer

last sync: 2021-Aug-04 14:59:26 UTC

Azure Policy definition

App Service Environment apps should not be reachable over public internet

Name App Service Environment apps should not be reachable over public internet
Azure Portal

Id 2d048aca-6479-4923-88f5-e2ac295d9af3

Version 1.0.0
details on versioning

Category App Service
Microsoft docs

Description To ensure apps deployed in an App Service Environment are not accessible over public internet, one should deploy App Service Environment with an IP address in virtual network. To set the IP address to a virtual network IP, the App Service Environment must be deployed with an internal load balancer.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Audit
Allowed: (Audit, Deny, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-06-22 14:29:30	add	2d048aca-6479-4923-88f5-e2ac295d9af3

Used in Initiatives none

JSON

{
  "properties": {
    "displayName": "App Service Environment apps should not be reachable over public internet",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "To ensure apps deployed in an App Service Environment are not accessible over public internet, one should deploy App Service Environment with an IP address in virtual network. To set the IP address to a virtual network IP, the App Service Environment must be deployed with an internal load balancer.",
    "metadata": {
      "version": "1.0.0",
      "category": "App Service"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Web/hostingEnvironments"
          },
          {
            "field": "kind",
            "like": "ASE*"
          },
          {
            "anyOf": [
              {
                "allOf": [
                  {
                  "value": "[requestContext().apiVersion]",
                    "less": "2018-02-01"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Web/HostingEnvironments/internalLoadBalancingMode",
                        "notContains": "2"
                      },
                      {
                        "field": "Microsoft.Web/HostingEnvironments/internalLoadBalancingMode",
                        "notContains": "3"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                  "value": "[requestContext().apiVersion]",
                    "greaterOrEquals": "2018-02-01"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Web/HostingEnvironments/internalLoadBalancingMode",
                        "notContains": "Web"
                      },
                      {
                        "field": "Microsoft.Web/HostingEnvironments/internalLoadBalancingMode",
                        "notContains": "Publishing"
                      }
                    ]
                  }
                ]
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "2d048aca-6479-4923-88f5-e2ac295d9af3"
}