last sync: 2020-Oct-30 14:31:57 UTC

Azure Policy definition

Azure Cosmos DB key based metadata write access should be disabled

Name Azure Cosmos DB key based metadata write access should be disabled
Azure Portal
Id 4750c32b-89c0-46af-bfcb-2e4541a818d5
Version 1.0.0
details on versioning
Category Cosmos DB
Microsoft docs
Description This policy enables you to ensure all Azure Cosmos DB accounts disable key based metadata write access.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: append
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-05-29 15:39:09 add 4750c32b-89c0-46af-bfcb-2e4541a818d5
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
Enable Azure Cosmos DB throughput policy cb5e1e90-7c33-491c-a15b-24885c915752 Cosmos DB GA
Json
{
  "properties": {
    "displayName": "Azure Cosmos DB key based metadata write access should be disabled",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy enables you to ensure all Azure Cosmos DB accounts disable key based metadata write access.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cosmos DB"
    },
    "parameters": {
      
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DocumentDB/databaseAccounts"
          },
          {
            "field": "Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess",
            "notEquals": true
          }
        ]
      },
      "then": {
        "effect": "append",
        "details": [
          {
            "field": "Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess",
            "value": true
          }
        ]
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "4750c32b-89c0-46af-bfcb-2e4541a818d5"
}