last sync: 2020-Oct-01 14:15:17 UTC

Azure Policy

[Preview]: Firewall should be enabled on Key Vault

Policy DisplayName [Preview]: Firewall should be enabled on Key Vault
Policy Id 55615ac9-af46-4a59-874e-391cc3dfb490
Policy Category Key Vault
Policy Description The key vault firewall prevents unauthorized traffic from reaching your key vault and provides an additional layer of protection for your secrets. Enable the key vault firewall to make sure that only traffic from allowed networks can access your key vault.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview True
Policy Deprecated FALSE
Policy Effect Default: Audit
Allowed: (Audit,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-09-09 11:24:03 add: Policy 55615ac9-af46-4a59-874e-391cc3dfb490
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
  "displayName": "[Preview]: Firewall should be enabled on Key Vault",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "The key vault firewall prevents unauthorized traffic from reaching your key vault and provides an additional layer of protection for your secrets. Enable the key vault firewall to make sure that only traffic from allowed networks can access your key vault.",
    "metadata": {
      "version": "1.0.1-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault/vaults"
          },
          {
            "field": "Microsoft.KeyVault/vaults/networkAcls.defaultAction",
            "notEquals": "Deny"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "55615ac9-af46-4a59-874e-391cc3dfb490"
}