AzPolicyAdvertizer

last sync: 2025-Jul-22 17:47:35 UTC

Azure Key Vault should disable public network access

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure Key Vault should disable public network access
Id 405c5871-3e91-4644-8a63-58e19d68ff5b
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Key Vault
Microsoft Learn
Description Disable public network access for your key vault so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/akvprivatelink.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.1.0'
Repository: Azure-Policy 405c5871-3e91-4644-8a63-58e19d68ff5b
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.KeyVault/vaults/createMode Microsoft.KeyVault vaults properties.createMode True True
Microsoft.KeyVault/vaults/publicNetworkAccess Microsoft.KeyVault vaults properties.publicNetworkAccess True True
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage
Rows: 1-3 / 3
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: Control the use of Key Vault in a Virtual Enclave 4f4dba0f-a5ee-494b-8df7-f9727dea6f37 VirtualEnclaves Preview BuiltIn true
Audit Public Network Access f1535064-3294-48fa-94e2-6e83095a5c08 SDN GA BuiltIn unknown
Public network access should be disabled for PaaS services Deny-PublicPaaSEndpoints Network GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-03-31 17:44:15 change Minor (1.0.0 > 1.1.0)
2022-06-10 16:31:21 add 405c5871-3e91-4644-8a63-58e19d68ff5b
JSON compare
compare mode: version left: version right:
1.0.0 → 1.1.0 RENAMED
@@ -3,9 +3,9 @@
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "Disable public network access for your key vault so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/akvprivatelink.",
6
  "metadata": {
7
- "version": "1.0.0",
8
  "category": "Key Vault"
9
  },
10
  "parameters": {
11
  "effect": {
@@ -29,14 +29,32 @@
29
  "field": "type",
30
  "equals": "Microsoft.KeyVault/vaults"
31
  },
32
  {
 
33
- "field": "Microsoft.KeyVault/vaults/createMode",
34
- "notEquals": "recover"
 
35
  },
36
  {
 
 
 
 
 
 
 
 
 
 
 
 
37
- "field": "Microsoft.KeyVault/vaults/publicNetworkAccess",
38
- "notEquals": "Disabled"
 
 
 
 
39
  }
40
  ]
41
  },
42
  "then": {
 
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "Disable public network access for your key vault so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/akvprivatelink.",
6
  "metadata": {
7
+ "version": "1.1.0",
8
  "category": "Key Vault"
9
  },
10
  "parameters": {
11
  "effect": {
 
29
  "field": "type",
30
  "equals": "Microsoft.KeyVault/vaults"
31
  },
32
  {
33
+ "not": {
34
+ "field": "Microsoft.KeyVault/vaults/createMode",
35
+ "equals": "recover"
36
+ }
37
  },
38
  {
39
+ "anyOf": [
40
+ {
41
+ "value": "[requestContext().apiVersion]",
42
+ "less": "2021-06-01-preview"
43
+ },
44
+ {
45
+ "allOf": [
46
+ {
47
+ "value": "[requestContext().apiVersion]",
48
+ "greaterOrEquals": "2021-06-01-preview"
49
+ },
50
+ {
51
+ "field": "Microsoft.KeyVault/vaults/publicNetworkAccess",
52
+ "notEquals": "Disabled"
53
+ }
54
+ ]
55
+ }
56
+ ]
57
  }
58
  ]
59
  },
60
  "then": {
JSON
api-version=2021-06-01
EPAC 
{7 items}