AzPolicyAdvertizer

last sync: 2021-May-14 16:08:20 UTC

Azure Policy definition

[Preview]: Private endpoint should be configured for Key Vault

Name [Preview]: Private endpoint should be configured for Key Vault
Azure Portal

Id 5f0bc445-3935-4915-9981-011aa2b46147

Version 1.1.0-preview
details on versioning

Category Key Vault
Microsoft docs

Description Private link provides a way to connect Key Vault to your Azure resources without sending traffic over the public internet. Private link provides defense in depth protection against data exfiltration.

Mode Indexed

Type BuiltIn

Preview True

Deprecated FALSE

Effect Default: Audit
Allowed: (Audit, Deny, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-01-27 16:54:46	change	Minor, suffix remains equal (1.0.2-preview > 1.1.0-preview)
2020-12-11 15:42:52	change	Patch, suffix remains equal (1.0.1-preview > 1.0.2-preview)
2020-09-09 11:24:03	add	5f0bc445-3935-4915-9981-011aa2b46147

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State
[Deprecated]: Azure Security Benchmark v2	bb522ac1-bc39-4957-b194-429bcd3bcb0b	Regulatory Compliance	Deprecated
Azure Security Benchmark	1f3afdf9-d0c9-4c3d-847f-89da613e70a8	Security Center	GA

JSON Changes

Visual JSON JSON (Annotated)

Show unchanged values

JSON

{
  "properties": {
  "displayName": "[Preview]: Private endpoint should be configured for Key Vault",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Private link provides a way to connect Key Vault to your Azure resources without sending traffic over the public internet. Private link provides defense in depth protection against data exfiltration.",
    "metadata": {
      "version": "1.1.0-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault/vaults"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.KeyVault/vaults/privateEndpointConnections",
                "exists": "false"
              },
              {
                "count": {
                "field": "Microsoft.KeyVault/vaults/privateEndpointConnections[*]"
                },
                "equals": 0
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "5f0bc445-3935-4915-9981-011aa2b46147"
}

AzPolicyAdvertizer

Azure Policy definition

[Preview]: Private endpoint should be configured for Key Vault

JSON Left

JSON Right