Source | Azure Portal | |||||||||||||||||||||
Display name | [Deprecated]: API Management minimum API version should be set to 2019-12-01 or higher | |||||||||||||||||||||
Id | 549814b6-3212-4203-bdc8-1548d342fb67 | |||||||||||||||||||||
Version | 1.1.0-deprecated Details on versioning |
|||||||||||||||||||||
Versioning |
Versions supported for Versioning: 2 1.1.0 (1.1.0-deprecated) 1.0.1 Built-in Versioning [Preview] |
|||||||||||||||||||||
Category | API Management Microsoft Learn |
|||||||||||||||||||||
Description | While we continue to recommend using the latest management API versions, configuring a minimum API version no longer affects the security posture of API Management services. Learn more about policy definition deprecation at aka.ms/policydefdeprecation | |||||||||||||||||||||
Cloud environments | AzureCloud = true AzureUSGovernment = unknown AzureChinaCloud = unknown |
|||||||||||||||||||||
Available in AzUSGov | Unknown, no evidence if Policy definition is/not available in AzureUSGovernment | |||||||||||||||||||||
Assessment(s) |
Assessments count: 1 Assessment Id: b9f2fa58-7571-4e7f-978f-5d224a011c89 DisplayName: API Management minimum API version should be set to 2019-12-01 or higher Description: To prevent service secrets from being shared with read-only users, the minimum API version should be set to 2019-12-01 or higher. Remediation description: To set the minimum API version of your API Management instance: 1. In the Azure portal, find your API Management Resource 2. Navigate to the Management API blade 3. Select Management API settings 4. Under Prevent users with read-only permissions from accessing service secrets, select 'Yes' 5. Select 'Save.' Categories: Compute Severity: Medium User impact: High Threats: DataSpillage |
|||||||||||||||||||||
Mode | Indexed | |||||||||||||||||||||
Type | BuiltIn | |||||||||||||||||||||
Preview | False | |||||||||||||||||||||
Deprecated | True | |||||||||||||||||||||
Effect | Default Disabled Allowed Audit, Deny, Disabled |
|||||||||||||||||||||
RBAC role(s) | none | |||||||||||||||||||||
Rule aliases | IF (2)
|
|||||||||||||||||||||
Rule resource types | IF (1) |
|||||||||||||||||||||
Compliance | Not a Compliance control | |||||||||||||||||||||
Initiatives usage |
|
|||||||||||||||||||||
History |
|
|||||||||||||||||||||
JSON compare |
compare mode:
version left:
version right:
|
|||||||||||||||||||||
JSON |
|