last sync: 2024-Jul-26 18:17:39 UTC

Configure Storage Accounts to restrict network access through network ACL bypass configuration only.

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Configure Storage Accounts to restrict network access through network ACL bypass configuration only.
Id: 41a72361-06e3-4e80-832a-690bd0708bc1
Version: 1.0.0
Category: VirtualEnclaves
Description: To improve the security of Storage Accounts, enable access only through network ACL bypass. This policy should be used in combination with a private endpoint for storage account access.
Mode: Indexed
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default: Modify; Allowed: Modify, Disabled

RBAC role(s)

| Role Name | Role Id |
| --- | --- |
| Storage Account Contributor | 17d1049b-9a84-46fb-8f53-869881c3d3ab |

Rule aliases

IF (5)

| Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft.Storage/storageAccounts/networkAcls.bypass | Microsoft.Storage | storageAccounts | properties.networkAcls.bypass | True | | True |
| Microsoft.Storage/storageAccounts/networkAcls.defaultAction | Microsoft.Storage | storageAccounts | properties.networkAcls.defaultAction | True | | True |
| Microsoft.Storage/storageAccounts/networkAcls.ipRules[*] | Microsoft.Storage | storageAccounts | properties.networkAcls.ipRules[*] | True | | True |
| Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*] | Microsoft.Storage | storageAccounts | properties.networkAcls.resourceAccessRules[*] | True | | False |
| Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*] | Microsoft.Storage | storageAccounts | properties.networkAcls.virtualNetworkRules[*] | True | | True |

THEN-Operations (4)

| Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft.Storage/storageAccounts/networkAcls.bypass | Microsoft.Storage | storageAccounts | properties.networkAcls.bypass | True | | True |
| Microsoft.Storage/storageAccounts/networkAcls.defaultAction | Microsoft.Storage | storageAccounts | properties.networkAcls.defaultAction | True | | True |
| Microsoft.Storage/storageAccounts/networkAcls.ipRules | Microsoft.Storage | storageAccounts | properties.networkAcls.ipRules | True | | True |
| Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules | Microsoft.Storage | storageAccounts | properties.networkAcls.virtualNetworkRules | True | | True |

Rule resource types IF (1): Microsoft.Storage/storageAccounts
Compliance: Not a Compliance control

Initiatives usage

| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
| --- | --- | --- | --- | --- |
| [Preview]: Control the use of Storage Accounts in a Virtual Enclave | ca122c06-05f6-4423-9018-ccb523168eb2 | VirtualEnclaves | Preview | BuiltIn |

History

| Date/Time (UTC ymd) | Change type | Change detail |
| --- | --- | --- |
| 2024-02-27 19:10:20 | add | 41a72361-06e3-4e80-832a-690bd0708bc1 |