last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

Not allowed resource types

Name Not allowed resource types
Azure Portal
Id 6c112d4e-5bc7-47ae-a041-ea2d9dccd749
Version 2.0.0
details on versioning
Category General
Microsoft docs
Description Restrict which resource types can be deployed in your environment. Limiting resource types can reduce the complexity and attack surface of your environment while also helping to manage costs. Compliance results are only shown for non-compliant resources.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Deny
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-02 15:11:40 change Major (1.0.0 > 2.0.0)
Used in Initiatives none
JSON Changes

JSON
{
  "properties": {
    "displayName": "Not allowed resource types",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Restrict which resource types can be deployed in your environment. Limiting resource types can reduce the complexity and attack surface of your environment while also helping to manage costs. Compliance results are only shown for non-compliant resources.",
    "metadata": {
      "version": "2.0.0",
      "category": "General"
    },
    "parameters": {
      "listOfResourceTypesNotAllowed": {
        "type": "Array",
        "metadata": {
          "description": "The list of resource types that cannot be deployed.",
          "displayName": "Not allowed resource types",
          "strongType": "resourceTypes"
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Deny"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
          "in": "[parameters('listOfResourceTypesNotAllowed')]"
          },
          {
          "value": "[field('type')]",
            "exists": true
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "6c112d4e-5bc7-47ae-a041-ea2d9dccd749"
}