AzPolicyAdvertizer

last sync: 2025-Aug-13 17:22:53 UTC

Azure Kubernetes Service Clusters should enable Microsoft Entra ID integration

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Azure Kubernetes Service Clusters should enable Microsoft Entra ID integration

450d2877-ebea-41e8-b00c-e286317d21bf

Version

1.0.2
Details on versioning

Versioning

Versions supported for Versioning: 1
1.0.2
Built-in Versioning [Preview]

Category

Kubernetes
Microsoft Learn

Description

AKS-managed Microsoft Entra ID integration can manage the access to the clusters by configuring Kubernetes role-based access control (Kubernetes RBAC) based on a user's identity or directory group membership. Learn more at: https://aka.ms/aks-managed-aad.

Cloud environments

AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown

Available in AzUSGov

Unknown, no evidence if Policy definition is/not available in AzureUSGovernment

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Disabled

RBAC role(s)

none

Rule aliases

IF (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.ContainerService/managedClusters/aadProfile	Microsoft.ContainerService	managedClusters	properties.aadProfile	True		False

Rule resource types

IF (1)

Microsoft.ContainerService/managedClusters

Compliance

Not a Compliance control

Initiatives usage

none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2023-10-23 17:41:36	change	Patch (1.0.1 > 1.0.2)
2022-10-21 16:42:13	change	Patch (1.0.0 > 1.0.1)
2022-03-18 17:53:47	add	450d2877-ebea-41e8-b00c-e286317d21bf

JSON compare

compare mode: version left: version right:

1.0.1 → 1.0.2 RENAMED Viewed

@@ -3,9 +3,9 @@
     "policyType": "BuiltIn",
     "mode": "Indexed",
     "description": "AKS-managed Azure Active Directory integration can manage the access to the clusters by configuring Kubernetes role-based access control (Kubernetes RBAC) based on a user's identity or directory group membership. Learn more at: https://aka.ms/aks-managed-aad.",
     "metadata": {
-        "version": "1.0.1",
         "category": "Kubernetes"
     },
     "parameters": {
         "effect": {

     "policyType": "BuiltIn",
     "mode": "Indexed",
     "description": "AKS-managed Azure Active Directory integration can manage the access to the clusters by configuring Kubernetes role-based access control (Kubernetes RBAC) based on a user's identity or directory group membership. Learn more at: https://aka.ms/aks-managed-aad.",
     "metadata": {
+        "version": "1.0.2",
         "category": "Kubernetes"
     },
     "parameters": {
         "effect": {

JSON

api-version=2021-06-01
EPAC

{7 itemsdisplayName: "Azure Kubernetes Service Clusters should enable Microsoft Entra ID integration",
policyType: "BuiltIn",
mode: "Indexed",
description: "AKS-managed Microsoft Entra ID integration can manage the access to the clusters by configuring Kubernetes role-based access control (Kubernetes RBAC) based on a user's identity or directory group membership. Learn more at: https://aka.ms/aks-managed-aad.",
metadata: {2 itemsversion: "1.0.2",
category: "Kubernetes"
},
parameters: {1 itemeffect: {4 itemstype: "String",
metadata: {3 itemsdisplayName: "Effect",
description: "Enable or disable the execution of the policy.",
portalReview: true
},
allowedValues: [2 items"Audit",
"Disabled"
],
defaultValue: "Audit"
}
},
policyRule: {2 itemsif: {1 itemallOf: [2 items{2 itemsfield: "type",
equals: "Microsoft.ContainerService/managedClusters"
},
{2 itemsfield: "Microsoft.ContainerService/managedClusters/aadProfile",
exists: false
}
]
},
then: {1 itemeffect: "[parameters('effect')]"
}
}
}