last sync: 2021-Aug-04 14:59:26 UTC

Azure Policy definition

Cosmos DB database accounts should have local authentication methods disabled

Name Cosmos DB database accounts should have local authentication methods disabled
Azure Portal
Id 5450f5bd-9c72-4390-a9c4-a7aba4edfdd2
Version 1.0.0
details on versioning
Category Cosmos DB
Microsoft docs
Description Disabling local authentication methods improves security by ensuring that Cosmos DB database accounts exclusively require Azure Active Directory identities for authentication. Learn more at: https://docs.microsoft.com/azure/cosmos-db/how-to-setup-rbac#disable-local-auth.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-07-07 15:26:31 add 5450f5bd-9c72-4390-a9c4-a7aba4edfdd2
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Cosmos DB database accounts should have local authentication methods disabled",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disabling local authentication methods improves security by ensuring that Cosmos DB database accounts exclusively require Azure Active Directory identities for authentication. Learn more at: https://docs.microsoft.com/azure/cosmos-db/how-to-setup-rbac#disable-local-auth.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cosmos DB"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DocumentDB/databaseAccounts"
          },
          {
            "field": "Microsoft.DocumentDB/databaseAccounts/disableLocalAuth",
            "notEquals": true
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "5450f5bd-9c72-4390-a9c4-a7aba4edfdd2"
}