AzPolicyAdvertizer

last sync: 2025-Jul-01 17:24:08 UTC

A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections

50b83b09-03da-41c1-b656-c293c914862b

Version

1.0.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]

Category

Network
Microsoft Learn

Description

This policy ensures that all Azure virtual network gateway connections use a custom Internet Protocol Security(Ipsec)/Internet Key Exchange(IKE) policy. Supported algorithms and key strengths - https://aka.ms/AA62kb0

Cloud environments

AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown

Available in AzUSGov

Unknown, no evidence if Policy definition is/not available in AzureUSGovernment

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Disabled

RBAC role(s)

none

Rule aliases

IF (6)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Network/connections/ipsecPolicies[*].dhGroup	Microsoft.Network	connections	properties.ipsecPolicies[*].dhGroup	True	False
Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption	Microsoft.Network	connections	properties.ipsecPolicies[*].ikeEncryption	True	False
Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity	Microsoft.Network	connections	properties.ipsecPolicies[*].ikeIntegrity	True	False
Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption	Microsoft.Network	connections	properties.ipsecPolicies[*].ipsecEncryption	True	False
Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity	Microsoft.Network	connections	properties.ipsecPolicies[*].ipsecIntegrity	True	False
Microsoft.Network/connections/ipsecPolicies[*].pfsGroup	Microsoft.Network	connections	properties.ipsecPolicies[*].pfsGroup	True	False

Rule resource types

IF (1)

Microsoft.Network/connections

Compliance

The following 5 compliance controls are associated with this Policy definition 'A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections' (50b83b09-03da-41c1-b656-c293c914862b)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
K_ISMS_P_2018	2.10.1	K_ISMS_P_2018_2.10.1	K ISMS P 2018 2.10.1	2.10	Establish Procedures for Managing the Security of System Operations	Shared	n/a	Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions.		455
K_ISMS_P_2018	2.10.2	K_ISMS_P_2018_2.10.2	K ISMS P 2018 2.10.2	2.10	Establish Protective Measures for Administrator Privileges and Security Configurations	Shared	n/a	Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations.		431
K_ISMS_P_2018	2.6.1	K_ISMS_P_2018_2.6.1	K ISMS P 2018 2.6.1	2.6	Establish Network Management Procedures	Shared	n/a	Establish and implement network management procedures such as IP management, terminal authentication, and network segregation according to business purpose and criticality.		25
RMiT_v1.0	10.39	RMiT_v1.0_10.39	RMiT 10.39	Network Resilience	Network Resilience - 10.39	Shared	n/a	A financial institution must implement appropriate safeguards to minimise the risk of a system compromise in one entity affecting other entities within the group. Safeguards implemented may include establishing logical network segmentation for the financial institution from other entities within the group.	link	3
RMiT_v1.0	Appendix_5.5	RMiT_v1.0_Appendix_5.5	RMiT Appendix 5.5	Control Measures on Cybersecurity	Control Measures on Cybersecurity - Appendix 5.5	Customer	n/a	Ensure security controls for server-to-server external network connections include the following: (a) server-to-server authentication such as Public Key Infrastructure (PKI) certificate or user ID and password; (b) use of secure tunnels such as Transport Layer Security (TLS) and Virtual Private Network (VPN) IPSec; and (c) deploying staging servers with adequate perimeter defences and protection such as firewall, IPS and antivirus.	link	2

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
K ISMS P 2018	e0782c37-30da-4a78-9f92-50bfe7aa2553	Regulatory Compliance	GA	BuiltIn	unknown
RMIT Malaysia	97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6	Regulatory Compliance	GA	BuiltIn	unknown

History

none

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC