last sync: 2020-Jul-02 13:28:37 UTC

Azure Policy

Azure Cosmos DB key based metadata write access should be disabled

Policy DisplayName Azure Cosmos DB key based metadata write access should be disabled
Policy Id 4750c32b-89c0-46af-bfcb-2e4541a818d5
Policy Category Cosmos DB
Policy Description This policy enables you to ensure all Azure Cosmos DB accounts disable key based metadata write access.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Fixed: append
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-05-29 15:39:09 add: Policy 4750c32b-89c0-46af-bfcb-2e4541a818d5
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
Enable Azure Cosmos DB throughput policy cb5e1e90-7c33-491c-a15b-24885c915752
Policy Rule
{
  "properties": {
    "displayName": "Azure Cosmos DB key based metadata write access should be disabled",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy enables you to ensure all Azure Cosmos DB accounts disable key based metadata write access.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cosmos DB"
    },
    "parameters": {
      
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DocumentDB/databaseAccounts"
          },
          {
            "field": "Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess",
            "notEquals": true
          }
        ]
      },
      "then": {
        "effect": "append",
        "details": [
          {
            "field": "Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess",
            "value": true
          }
        ]
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "4750c32b-89c0-46af-bfcb-2e4541a818d5"
}