AzPolicyAdvertizer

last sync: 2021-Nov-26 17:15:01 UTC

Azure Policy definition

Configure Azure Web PubSub Service to disable public network access

Name Configure Azure Web PubSub Service to disable public network access
Azure Portal

Id 5b1213e4-06e4-4ccc-81de-4201f2f7131a

Version 1.0.0
details on versioning

Category Web PubSub
Microsoft docs

Description Disable public network access for your Azure Web PubSub resource so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/awps/networkacls.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Modify
Allowed: (Modify, Disabled)

Used RBAC Role

Role Name	Role Id
SignalR/Web PubSub Contributor	8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-05-26 13:43:16	add	5b1213e4-06e4-4ccc-81de-4201f2f7131a

Used in Initiatives none

JSON

{
  "displayName": "Configure Azure Web PubSub Service to disable public network access",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Disable public network access for your Azure Web PubSub resource so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/awps/networkacls. ",
  "metadata": {
    "version": "1.0.0",
    "category": "Web PubSub"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Modify",
        "Disabled"
      ],
      "defaultValue": "Modify"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.SignalRService/webPubSub"
        },
        {
          "field": "Microsoft.SignalRService/webPubSub/publicNetworkAccess",
          "notEquals": "Disabled"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "conflictEffect": "Audit",
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761"
        ],
        "operations": [
          {
            "operation": "addOrReplace",
            "field": "Microsoft.SignalRService/webPubSub/publicNetworkAccess",
            "value": "Disabled"
          }
        ]
      }
    }
  }
}