last sync: 2024-Jun-18 16:46:26 UTC

[Deprecated]: Web Application Firewall (WAF) should enable all firewall rules for Application Gateway

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Web Application Firewall (WAF) should enable all firewall rules for Application Gateway
Id 632d3993-e2c0-44ea-a7db-2eca131f356d
Version 1.1.0-deprecated
Details on versioning
Category Network
Microsoft Learn
Description Enabling all Web Application Firewall (WAF) rules strengthens your application security and protects your web applications against common vulnerabilities. To learn more about Web Application Firewall (WAF) with Application Gateway, visit https://aka.ms/waf-ag
Mode Indexed
Type BuiltIn
Preview False
Deprecated True
Effect Default
Disabled
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/applicationGateways/webApplicationFirewallConfiguration.disabledRuleGroups[*] Microsoft.Network applicationGateways properties.webApplicationFirewallConfiguration.disabledRuleGroups[*] True False
Rule resource types IF (1)
Microsoft.Network/applicationGateways
Compliance
The following 5 compliance controls are associated with this Policy definition '[Deprecated]: Web Application Firewall (WAF) should enable all firewall rules for Application Gateway' (632d3993-e2c0-44ea-a7db-2eca131f356d)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Guidelines for M365 Certification Protecting systems and resources Shared n/a Ensures that apps have strong security and compliance practices in place to protect customer data, security, and privacy. link 24
mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found n/a n/a 56
mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found n/a n/a 52
RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Management And Security Network Device Configuration Management-4.3 n/a Ensure that all the network devices are configured appropriately and periodically assess whether the configurations are appropriate to the desired level of network security. 17
RBI_CSF_Banks_v2016 6.7 RBI_CSF_Banks_v2016_6.7 Application Security Life Cycle (Aslc) Application Security Life Cycle (Aslc)-6.7 n/a Ensure that software/application development practices addresses the vulnerabilities based on best practices baselines such as Open Web Application Security Project (OWASP) proactively and adopt principle of defence-in-depth to provide layered security mechanism. 4
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Reserve Bank of India - IT Framework for Banks d0d5578d-cc08-2b22-31e3-f525374f235a Regulatory Compliance Preview BuiltIn
ACAT for Microsoft 365 Certification 80307b86-ab81-45ab-bf4f-4e0b93cf3dd5 Regulatory Compliance GA BuiltIn
Enforce recommended guardrails for Network and Networking services Enforce-Guardrails-Network Network GA ALZ
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-06-14 18:20:16 change Minor, new suffix: deprecated (1.0.1 > 1.1.0-deprecated)
2022-09-23 16:35:49 change Patch (1.0.0 > 1.0.1)
2022-07-08 16:32:07 add 632d3993-e2c0-44ea-a7db-2eca131f356d
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC