last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

[Deprecated]: Monitor permissive network access in Azure Security Center

Name [Deprecated]: Monitor permissive network access in Azure Security Center
Id 44452482-524f-4bf4-b852-0bff7cc4a3ed
Version 1.0.0-deprecated
Category Security Center
Description Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations
Mode All
Type BuiltIn
Preview FALSE
Deprecated True
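Effect Default: AuditIfNotExists (audit-only: a virtual machine is reported as non-compliant when no permissiveNetworkAccess compliance result with status Healthy or OffByPolicy exists for it; nothing is blocked or changed)
Allowed: (AuditIfNotExists, Disabled)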
Used RBAC Role none
History none
Used in Initiatives none
JSON
{
  "displayName": "[Deprecated]: Monitor permissive network access in Azure Security Center",
  "policyType": "BuiltIn",
  "mode": "All",
  "description": "Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations",
  "metadata": {
    "version": "1.0.0-deprecated",
    "category": "Security Center",
    "deprecated": true
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "field": "type",
      "in": [
        "Microsoft.Compute/virtualMachines",
        "Microsoft.ClassicCompute/virtualMachines"
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Security/complianceResults",
        "name": "permissiveNetworkAccess",
        "existenceCondition": {
          "field": "Microsoft.Security/complianceResults/resourceStatus",
          "in": [
            "OffByPolicy",
            "Healthy"
          ]
        }
      }
    }
  }
}