last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

[Deprecated]: Audit IP restrictions configuration for an API App

Name [Deprecated]: Audit IP restrictions configuration for an API App
Azure Portal
Id 48893b84-a2c8-4d9a-badf-835d5d1b7d53
Version 1.0.0-deprecated
details on versioning
Category Security Center
Microsoft docs
Description IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.
Mode All
Type BuiltIn
Preview FALSE
Deprecated True
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History none
Used in Initiatives none
JSON
{
  "displayName": "[Deprecated]: Audit IP restrictions configuration for an API App",
  "policyType": "BuiltIn",
  "mode": "All",
  "description": "IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.",
  "metadata": {
    "version": "1.0.0-deprecated",
    "category": "Security Center",
    "deprecated": true
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "allof": [
        {
          "field": "type",
          "equals": "microsoft.Web/sites"
        },
        {
          "anyof": [
            {
              "field": "kind",
              "equals": "api"
            },
            {
              "field": "kind",
              "equals": "apiApp"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Security/complianceResults",
        "name": "ConfigureIPRestrictions",
        "existenceCondition": {
          "field": "Microsoft.Security/complianceResults/resourceStatus",
          "in": [
            "OffByPolicy",
            "Healthy"
          ]
        }
      }
    }
  }
}