last sync: 2022-Nov-25 17:41:58 UTC

Azure Policy definition

Container registries should have exports disabled

Name Container registries should have exports disabled
Azure Portal
Id 524b0254-c285-4903-bee6-bb8126cde579
Version 1.0.0
details on versioning
Category Container Registry
Microsoft docs
Description Disabling exports improves security by ensuring data in a registry is accessed solely via the dataplane ('docker pull'). Data cannot be moved out of the registry via 'acr import' or via 'acr transfer'. In order to disable exports, public network access must be disabled. Learn more at: https://aka.ms/acr/export-policy.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC
Role(s)
none
Rule
Aliases
IF (2)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.ContainerRegistry/registries/policies.exportPolicy.status Microsoft.ContainerRegistry registries properties.policies.exportPolicy.status false
Microsoft.ContainerRegistry/registries/publicNetworkAccess Microsoft.ContainerRegistry registries properties.publicNetworkAccess true
Rule
ResourceTypes
IF (1)
Microsoft.ContainerRegistry/registries
Compliance Not a Compliance control
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-08-09 19:32:42 add 524b0254-c285-4903-bee6-bb8126cde579
Initiatives
usage
none
JSON