last sync: 2020-Oct-01 14:15:17 UTC

Azure Policy

[Preview]: Private endpoint should be configured for Key Vault

Policy DisplayName: [Preview]: Private endpoint should be configured for Key Vault
Policy Id: 5f0bc445-3935-4915-9981-011aa2b46147
Policy Category: Key Vault
Policy Description: Private link provides a way to connect key vault to your Azure resources without sending traffic over the public internet. Private link provides defense in depth protection against data exfiltration.
Policy Mode: Indexed
Policy Type: BuiltIn
Policy in Preview: True
Policy Deprecated: FALSE
Policy Effect: Default: Audit; Allowed: (Audit,Disabled)
Roles used: none
Policy Changes:
Date/Time (UTC ymd) | Change | Change detail
2020-09-09 11:24:03 | add | Policy 5f0bc445-3935-4915-9981-011aa2b46147
Used in Policy Initiative(s): none
Policy Rule:
{
  "properties": {
    "displayName": "[Preview]: Private endpoint should be configured for Key Vault",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Private link provides a way to connect key vault to your Azure resources without sending traffic over the public internet. Private link provides defense in depth protection against data exfiltration.",
    "metadata": {
      "version": "1.0.1-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "[Preview]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault/vaults"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.KeyVault/vaults/privateEndpointConnections",
                "exists": "false"
              },
              {
                "count": {
                  "field": "Microsoft.KeyVault/vaults/privateEndpointConnections[*]"
                },
                "equals": 0
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "5f0bc445-3935-4915-9981-011aa2b46147"
}