last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

Private endpoints for Guest Configuration assignments should be enabled

Name Private endpoints for Guest Configuration assignments should be enabled
Id 480d0f91-30af-4a76-9afb-f5710ac52b09
Version 1.0.0
Category Guest Configuration
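Description Private endpoint connections enforce secure communication by enabling private connectivity to Guest Configuration for virtual machines. Virtual machines will be non-compliant unless they have the tag, 'EnablePrivateNetworkGC'. This tag enforces secure communication through private connectivity to Guest Configuration for Virtual Machines. Private connectivity limits access to traffic coming only from known networks and prevents access from all other IP addresses, including within Azure.
Note: the policy rule in the JSON below evaluates tag values only. A Guest Configuration assignment whose id contains 'Microsoft.Compute/virtualMachines' is not flagged when either the tag 'EnablePrivateNetworkGC' or the misspelled variant 'EnablePrivateNeworkGC' equals TRUE. The rule does not check that a private endpoint or private link connection actually exists, so a compliant result shows that the tag is set, not that traffic is private; verify the network path separately.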
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-31 14:35:06 add 480d0f91-30af-4a76-9afb-f5710ac52b09
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Private endpoints for Guest Configuration assignments should be enabled",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Private endpoint connections enforce secure communication by enabling private connectivity to Guest Configuration for virtual machines. Virtual machines will be non-compliant unless they have the tag, 'EnablePrivateNetworkGC'. This tag enforces secure communication through private connectivity to Guest Configuration for Virtual Machines. Private connectivity limits access to traffic coming only from known networks and prevents access from all other IP addresses, including within Azure.",
    "metadata": {
      "version": "1.0.0",
      "category": "Guest Configuration"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.GuestConfiguration/guestConfigurationAssignments"
          },
          {
            "field": "id",
            "contains": "Microsoft.Compute/virtualMachines"
          },
          {
            "not": {
              "anyof": [
                {
                "field": "[concat('tags[', 'EnablePrivateNeworkGC', ']')]",
                  "equals": "TRUE"
                },
                {
                "field": "[concat('tags[', 'EnablePrivateNetworkGC', ']')]",
                  "equals": "TRUE"
                }
              ]
            }
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/480d0f91-30af-4a76-9afb-f5710ac52b09",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "480d0f91-30af-4a76-9afb-f5710ac52b09"
}