last sync: 2024-Apr-24 17:46:58 UTC

Configure Microsoft Entra ID integrated Azure Kubernetes Service Clusters with required Admin Group Access

Azure BuiltIn Policy definition

Source Azure Portal
Display name Configure Microsoft Entra ID integrated Azure Kubernetes Service Clusters with required Admin Group Access
Id 36a27de4-199b-40fb-b336-945a8475d6c5
Version 2.1.0
Category Kubernetes
Description Ensure to improve cluster security by centrally govern Administrator access to Microsoft Entra ID integrated AKS clusters.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default: DeployIfNotExists
Effect Allowed: DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Azure Kubernetes Service Contributor Role ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes Service Policy Add-on Deployment 18ed5180-3e48-46fd-8541-4ea054d57064
Rule aliases IF (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.ContainerService/managedClusters/aadProfile Microsoft.ContainerService managedClusters properties.aadProfile false
THEN-ExistenceCondition (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.ContainerService/managedClusters/aadProfile.adminGroupObjectIDs[*] Microsoft.ContainerService managedClusters properties.aadProfile.adminGroupObjectIDs[*] true
Rule resource types IF (1)
Microsoft.ContainerService/managedClusters
THEN-Deployment (2)
Microsoft.ContainerService/managedClusters
Microsoft.Resources/deployments
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) Change type Change detail
2024-03-15 22:15:34 change Minor (2.0.4 > 2.1.0)
2023-10-31 19:02:40 change Patch (2.0.3 > 2.0.4)
2023-10-23 17:41:36 change Patch (2.0.1 > 2.0.3)
2022-10-21 16:42:13 change Patch (2.0.0 > 2.0.1)
2022-03-11 18:16:48 change Major (1.0.0 > 2.0.0)
2021-12-06 22:17:57 add 36a27de4-199b-40fb-b336-945a8475d6c5