last sync: 2021-Oct-15 16:53:12 UTC

Azure Policy definition

Configure App Service to disable local authentication for SCM sites.

Name Configure App Service to disable local authentication for SCM sites.
Azure Portal
Id 5e97b776-f380-4722-a9a3-e7f0be029e79
Version 1.0.0
details on versioning
Category App Service
Microsoft docs
Description Disable local authentication methods for SCM sites so that your App Services exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/app-service-disable-basic-auth.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name Role Id
Website Contributor de139f84-1756-47ae-9be6-808fbbe84772
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-09-08 15:39:57 add 5e97b776-f380-4722-a9a3-e7f0be029e79
Used in Initiatives none
JSON
{
  "displayName": "Configure App Service to disable local authentication for SCM sites.",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Disable local authentication methods for SCM sites so that your App Services exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/app-service-disable-basic-auth.",
  "metadata": {
    "version": "1.0.0",
    "category": "App Service"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "DeployIfNotExists",
        "Disabled"
      ],
      "defaultValue": "DeployIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Web/sites"
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "name": "scm",
        "type": "Microsoft.Web/sites/basicPublishingCredentialsPolicies",
        "existenceCondition": {
          "field": "Microsoft.Web/sites/basicPublishingCredentialsPolicies/allow",
          "equals": "false"
        },
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772"
        ],
        "deployment": {
          "properties": {
            "mode": "incremental",
            "parameters": {
              "siteName": {
                "value": "[field('name')]"
              },
              "location": {
                "value": "[field('location')]"
              }
            },
            "template": {
              "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "siteName": {
                  "type": "string"
                },
                "location": {
                  "type": "string"
                }
              },
              "variables": {},
              "resources": [
                {
                  "type": "Microsoft.Web/sites/basicPublishingCredentialsPolicies",
                  "name": "[concat(parameters('siteName'), '/scm')]",
                  "apiVersion": "2021-02-01",
                  "location": "[parameters('location')]",
                  "tags": {},
                  "properties": {
                    "allow": "false"
                  }
                }
              ]
            }
          }
        }
      }
    }
  }
}