last sync: 2022-Sep-30 16:34:23 UTC

Azure Policy definition

Azure Key Vault should have firewall enabled

Name Azure Key Vault should have firewall enabled
Azure Portal
Id 55615ac9-af46-4a59-874e-391cc3dfb490
Version 3.0.0
details on versioning
Category Key Vault
Microsoft docs
Description Enable the key vault firewall so that the key vault is not accessible by default to any public IPs. You can then configure specific IP ranges to limit access to those networks. Learn more at: https://docs.microsoft.com/azure/key-vault/general/network-security
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
Rule Aliases IF (2)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.KeyVault/vaults/createMode Microsoft.KeyVault vaults properties.createMode true
Microsoft.KeyVault/vaults/networkAcls.defaultAction Microsoft.KeyVault vaults properties.networkAcls.defaultAction true
Rule ResourceTypes IF (1)
Microsoft.KeyVault/vaults
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-06-10 16:31:21 change Major, old suffix: preview (2.0.0-preview > 3.0.0)
2021-06-08 15:17:13 change Major, suffix remains equal (1.1.0-preview > 2.0.0-preview)
2021-04-21 13:28:46 change Minor, suffix remains equal (1.0.2-preview > 1.1.0-preview)
2020-12-11 15:42:52 change Patch, suffix remains equal (1.0.1-preview > 1.0.2-preview)
2020-09-09 11:24:03 add 55615ac9-af46-4a59-874e-391cc3dfb490
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: Azure Security Benchmark v2 bb522ac1-bc39-4957-b194-429bcd3bcb0b Regulatory Compliance Deprecated BuiltIn
[Preview]: CMMC 2.0 Level 2 4e50fd13-098b-3206-61d6-d1d78205cb45 Regulatory Compliance Preview BuiltIn
[Preview]: Reserve Bank of India - IT Framework for Banks d0d5578d-cc08-2b22-31e3-f525374f235a Regulatory Compliance Preview BuiltIn
[Preview]: Reserve Bank of India - IT Framework for NBFC 7f89f09c-48c1-f28d-1bd5-84f3fb22f86c Regulatory Compliance Preview BuiltIn
[Preview]: SWIFT CSP-CSCF v2021 abf84fac-f817-a70c-14b5-47eec767458a Regulatory Compliance Preview BuiltIn
Azure Security Benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn
CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance GA BuiltIn
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
Public network access should be disabled for PaaS services Deny-PublicPaaSEndpoints Network GA ALZ
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
JSON Changes

JSON