AzPolicyAdvertizer

last sync: 2021-Jul-23 16:37:57 UTC

Azure Policy definition

Private endpoints for Guest Configuration assignments should be enabled

Name Private endpoints for Guest Configuration assignments should be enabled
Azure Portal

Id 480d0f91-30af-4a76-9afb-f5710ac52b09

Version 1.0.0
details on versioning

Category Guest Configuration
Microsoft docs

Description Private endpoint connections enforce secure communication by enabling private connectivity to Guest Configuration for virtual machines. Virtual machines will be non-compliant unless they have the tag, 'EnablePrivateNetworkGC'. This tag enforces secure communication through private connectivity to Guest Configuration for Virtual Machines. Private connectivity limits access to traffic coming only from known networks and prevents access from all other IP addresses, including within Azure.

Mode All

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Audit
Allowed: (Audit, Deny, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-03-31 14:35:06	add	480d0f91-30af-4a76-9afb-f5710ac52b09

Used in Initiatives none

JSON

{
  "properties": {
    "displayName": "Private endpoints for Guest Configuration assignments should be enabled",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Private endpoint connections enforce secure communication by enabling private connectivity to Guest Configuration for virtual machines. Virtual machines will be non-compliant unless they have the tag, 'EnablePrivateNetworkGC'. This tag enforces secure communication through private connectivity to Guest Configuration for Virtual Machines. Private connectivity limits access to traffic coming only from known networks and prevents access from all other IP addresses, including within Azure.",
    "metadata": {
      "version": "1.0.0",
      "category": "Guest Configuration"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.GuestConfiguration/guestConfigurationAssignments"
          },
          {
            "field": "id",
            "contains": "Microsoft.Compute/virtualMachines"
          },
          {
            "not": {
              "anyof": [
                {
                "field": "[concat('tags[', 'EnablePrivateNeworkGC', ']')]",
                  "equals": "TRUE"
                },
                {
                "field": "[concat('tags[', 'EnablePrivateNetworkGC', ']')]",
                  "equals": "TRUE"
                }
              ]
            }
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/480d0f91-30af-4a76-9afb-f5710ac52b09",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "480d0f91-30af-4a76-9afb-f5710ac52b09"
}