last sync: 2021-Oct-15 16:53:12 UTC

Azure Policy definition

Configure App Service to disable local authentication on FTP deployments.

Name Configure App Service to disable local authentication on FTP deployments.
Azure Portal
Id 572e342c-c920-4ef5-be2e-1ed3c6a51dc5
Version 1.0.0
details on versioning
Category App Service
Microsoft docs
Description Disable local authentication methods for FTP deployments so that your App Services exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/app-service-disable-basic-auth.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name Role Id
Website Contributor de139f84-1756-47ae-9be6-808fbbe84772
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-09-08 15:39:57 add 572e342c-c920-4ef5-be2e-1ed3c6a51dc5
Used in Initiatives none
JSON
{
  "displayName": "Configure App Service to disable local authentication on FTP deployments.",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Disable local authentication methods for FTP deployments so that your App Services exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/app-service-disable-basic-auth.",
  "metadata": {
    "version": "1.0.0",
    "category": "App Service"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "DeployIfNotExists",
        "Disabled"
      ],
      "defaultValue": "DeployIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Web/sites"
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "name": "ftp",
        "type": "Microsoft.Web/sites/basicPublishingCredentialsPolicies",
        "existenceCondition": {
          "field": "Microsoft.Web/sites/basicPublishingCredentialsPolicies/allow",
          "equals": "false"
        },
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772"
        ],
        "deployment": {
          "properties": {
            "mode": "incremental",
            "parameters": {
              "siteName": {
                "value": "[field('name')]"
              },
              "location": {
                "value": "[field('location')]"
              }
            },
            "template": {
              "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "siteName": {
                  "type": "string"
                },
                "location": {
                  "type": "string"
                }
              },
              "variables": {},
              "resources": [
                {
                  "type": "Microsoft.Web/sites/basicPublishingCredentialsPolicies",
                  "name": "[concat(parameters('siteName'), '/ftp')]",
                  "apiVersion": "2021-02-01",
                  "location": "[parameters('location')]",
                  "tags": {},
                  "properties": {
                    "allow": "false"
                  }
                }
              ]
            }
          }
        }
      }
    }
  }
}