last sync: 2022-Jun-28 16:32:57 UTC

Azure Policy definition

Container registries should have exports disabled

Name Container registries should have exports disabled
Azure Portal
Id 524b0254-c285-4903-bee6-bb8126cde579
Version 1.0.0
details on versioning
Category Container Registry
Microsoft docs
Description Disabling exports improves security by ensuring data in a registry is accessed solely via the dataplane ('docker pull'). Data cannot be moved out of the registry via 'acr import' or via 'acr transfer'. In order to disable exports, public network access must be disabled. Learn more at: https://aka.ms/acr/export-policy.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
Rule Aliases IF (2)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.ContainerRegistry/registries/policies.exportPolicy.status Microsoft.ContainerRegistry registries properties.policies.exportPolicy.status false
Microsoft.ContainerRegistry/registries/publicNetworkAccess Microsoft.ContainerRegistry registries properties.publicNetworkAccess true
Rule ResourceTypes IF (1)
Microsoft.ContainerRegistry/registries
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-08-09 19:32:42 add 524b0254-c285-4903-bee6-bb8126cde579
Used in Initiatives none
JSON