last sync: 2021-Oct-15 16:53:12 UTC

Azure Policy definition

Configure Azure Automation account to disable local authentication

Name Configure Azure Automation account to disable local authentication
Azure Portal
Id 30d1d58e-8f96-47a5-8564-499a3f3cca81
Version 1.0.0
details on versioning
Category Automation
Microsoft docs
Description Disable local authentication methods so that your Azure Automation accounts exclusively require Azure Active Directory identities for authentication.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Modify
Allowed: (Modify, Disabled)
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-09-21 16:12:09 add 30d1d58e-8f96-47a5-8564-499a3f3cca81
Used in Initiatives none
JSON
{
  "displayName": "Configure Azure Automation account to disable local authentication",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Disable local authentication methods so that your Azure Automation accounts exclusively require Azure Active Directory identities for authentication.",
  "metadata": {
    "version": "1.0.0",
    "category": "Automation"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Modify",
        "Disabled"
      ],
      "defaultValue": "Modify"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Automation/automationAccounts"
        },
        {
          "field": "Microsoft.Automation/automationAccounts/disableLocalAuth",
          "notEquals": true
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "conflictEffect": "audit",
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
        ],
        "operations": [
          {
            "condition": "[greaterOrEquals(requestContext().apiVersion, '2021-06-22')]",
            "operation": "addOrReplace",
            "field": "Microsoft.Automation/automationAccounts/disableLocalAuth",
            "value": true
          }
        ]
      }
    }
  }
}