last sync: 2022-Sep-27 16:35:32 UTC

Azure Policy definition

Configure AAD integrated Azure Kubernetes Service Clusters with required Admin Group Access

Name: Configure AAD integrated Azure Kubernetes Service Clusters with required Admin Group Access
Id: 36a27de4-199b-40fb-b336-945a8475d6c5
Version: 2.0.0
Category: Kubernetes
Description: Ensure to improve cluster security by centrally govern Administrator access to Azure Active Directory integrated AKS clusters.
Mode: Indexed
Type: BuiltIn
Preview: FALSE
Deprecated: FALSE
Effect (default): DeployIfNotExists
Effect (allowed): DeployIfNotExists, Disabled
Used RBAC Role
Role Name | Role Id
Azure Kubernetes Service Contributor Role | ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes Service Policy Add-on Deployment | 18ed5180-3e48-46fd-8541-4ea054d57064
Rule Aliases
IF (1)
Alias | Namespace | ResourceType | DefaultPath | Modifiable
Microsoft.ContainerService/managedClusters/aadProfile | Microsoft.ContainerService | managedClusters | properties.aadProfile | false
THEN-ExistenceCondition (1)
Alias | Namespace | ResourceType | DefaultPath | Modifiable
Microsoft.ContainerService/managedClusters/aadProfile.adminGroupObjectIDs[*] | Microsoft.ContainerService | managedClusters | properties.aadProfile.adminGroupObjectIDs[*] | true
Rule ResourceTypes
IF (1)
Microsoft.ContainerService/managedClusters
THEN-Deployment (2)
Microsoft.ContainerService/managedClusters
Microsoft.Resources/deployments
History
Date/Time (UTC ymd) | Change type | Change detail
2022-03-11 18:16:48 | change | Major (1.0.0 > 2.0.0)
2021-12-06 22:17:57 | add | 36a27de4-199b-40fb-b336-945a8475d6c5
Used in Initiatives none