last sync: 2024-May-27 19:38:21 UTC

Configure Storage Accounts to restrict network access through network ACL bypass configuration only.

Azure BuiltIn Policy definition

Source Azure Portal
Display name Configure Storage Accounts to restrict network access through network ACL bypass configuration only.
Id 41a72361-06e3-4e80-832a-690bd0708bc1
Version 1.0.0
Details on versioning
Category VirtualEnclaves
Microsoft Learn
Description To improve the security of Storage Accounts, enable access only through network ACL bypass. This policy should be used in combination with a private endpoint for storage account access.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Modify
Allowed
Modify, Disabled
RBAC role(s)
Role Name Role Id
Storage Account Contributor 17d1049b-9a84-46fb-8f53-869881c3d3ab
Rule aliases IF (5)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Storage/storageAccounts/networkAcls.bypass Microsoft.Storage storageAccounts properties.networkAcls.bypass true
Microsoft.Storage/storageAccounts/networkAcls.defaultAction Microsoft.Storage storageAccounts properties.networkAcls.defaultAction true
Microsoft.Storage/storageAccounts/networkAcls.ipRules[*] Microsoft.Storage storageAccounts properties.networkAcls.ipRules[*] true
Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*] Microsoft.Storage storageAccounts properties.networkAcls.resourceAccessRules[*] false
Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*] Microsoft.Storage storageAccounts properties.networkAcls.virtualNetworkRules[*] true
THEN-Operations (4)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Storage/storageAccounts/networkAcls.bypass Microsoft.Storage storageAccounts properties.networkAcls.bypass true
Microsoft.Storage/storageAccounts/networkAcls.defaultAction Microsoft.Storage storageAccounts properties.networkAcls.defaultAction true
Microsoft.Storage/storageAccounts/networkAcls.ipRules Microsoft.Storage storageAccounts properties.networkAcls.ipRules true
Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules Microsoft.Storage storageAccounts properties.networkAcls.virtualNetworkRules true
Rule resource types IF (1)
Microsoft.Storage/storageAccounts
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Control the use of Storage Accounts in a Virtual Enclave ca122c06-05f6-4423-9018-ccb523168eb2 VirtualEnclaves Preview BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-02-27 19:10:20 add 41a72361-06e3-4e80-832a-690bd0708bc1
JSON compare n/a
JSON
api-version=2021-06-01
EPAC