last sync: 2025-Apr-29 17:16:02 UTC

A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections
Id: 50b83b09-03da-41c1-b656-c293c914862b
Version: 1.0.0
Versioning: Versions supported for Versioning: 1 (1.0.0); Built-in Versioning [Preview]
Category: Network
Description: This policy ensures that all Azure virtual network gateway connections use a custom Internet Protocol Security(Ipsec)/Internet Key Exchange(IKE) policy. Supported algorithms and key strengths - https://aka.ms/AA62kb0
Cloud environments: AzureCloud = true; AzureUSGovernment = unknown; AzureChinaCloud = unknown
Available in AzUSGov: Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default: Audit; Allowed: Audit, Disabled
RBAC role(s): none
Rule aliases IF (6)

| Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable |
|---|---|---|---|---|---|---|
| Microsoft.Network/connections/ipsecPolicies[*].dhGroup | Microsoft.Network | connections | properties.ipsecPolicies[*].dhGroup | True | | False |
| Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption | Microsoft.Network | connections | properties.ipsecPolicies[*].ikeEncryption | True | | False |
| Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity | Microsoft.Network | connections | properties.ipsecPolicies[*].ikeIntegrity | True | | False |
| Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption | Microsoft.Network | connections | properties.ipsecPolicies[*].ipsecEncryption | True | | False |
| Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity | Microsoft.Network | connections | properties.ipsecPolicies[*].ipsecIntegrity | True | | False |
| Microsoft.Network/connections/ipsecPolicies[*].pfsGroup | Microsoft.Network | connections | properties.ipsecPolicies[*].pfsGroup | True | | False |

Rule resource types IF (1)
Compliance
The following 2 compliance controls are associated with this Policy definition 'A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections' (50b83b09-03da-41c1-b656-c293c914862b)

| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| RMiT_v1.0 | 10.39 | RMiT_v1.0_10.39 | RMiT 10.39 | Network Resilience | Network Resilience - 10.39 | Shared | n/a | A financial institution must implement appropriate safeguards to minimise the risk of a system compromise in one entity affecting other entities within the group. Safeguards implemented may include establishing logical network segmentation for the financial institution from other entities within the group. | link | 3 |
| RMiT_v1.0 | Appendix_5.5 | RMiT_v1.0_Appendix_5.5 | RMiT Appendix 5.5 | Control Measures on Cybersecurity | Control Measures on Cybersecurity - Appendix 5.5 | Customer | n/a | Ensure security controls for server-to-server external network connections include the following: (a) server-to-server authentication such as Public Key Infrastructure (PKI) certificate or user ID and password; (b) use of secure tunnels such as Transport Layer Security (TLS) and Virtual Private Network (VPN) IPSec; and (c) deploying staging servers with adequate perimeter defences and protection such as firewall, IPS and antivirus. | link | 2 |

Initiatives usage

| Initiative DisplayName | Initiative Id | Initiative Category | State | Type | polSet in AzUSGov |
|---|---|---|---|---|---|
| RMIT Malaysia | 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 | Regulatory Compliance | GA | BuiltIn | unknown |

History none
JSON compare n/a