last sync: 2021-Aug-04 14:59:26 UTC

Azure Policy definition

Configure Azure Web PubSub Service to disable public network access

Name Configure Azure Web PubSub Service to disable public network access
Azure Portal
Id 5b1213e4-06e4-4ccc-81de-4201f2f7131a
Version 1.0.0
details on versioning
Category Web PubSub
Microsoft docs
Description Disable public network access for your Azure Web PubSub resource so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/awps/networkacls.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Modify
Allowed: (Modify, Disabled)
Used RBAC Role
Role Name Role Id
SignalR Contributor 8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-05-26 13:43:16 add 5b1213e4-06e4-4ccc-81de-4201f2f7131a
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Configure Azure Web PubSub Service to disable public network access",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disable public network access for your Azure Web PubSub resource so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/awps/networkacls. ",
    "metadata": {
      "version": "1.0.0",
      "category": "Web PubSub"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Modify",
          "Disabled"
        ],
        "defaultValue": "Modify"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.SignalRService/webPubSub"
          },
          {
            "field": "Microsoft.SignalRService/webPubSub/publicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "conflictEffect": "Audit",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761"
          ],
          "operations": [
            {
              "operation": "addOrReplace",
              "field": "Microsoft.SignalRService/webPubSub/publicNetworkAccess",
              "value": "Disabled"
            }
          ]
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/5b1213e4-06e4-4ccc-81de-4201f2f7131a",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "5b1213e4-06e4-4ccc-81de-4201f2f7131a"
}