last sync: 2021-Feb-26 14:40:53 UTC

Azure Policy definition

Storage account should use a private link connection

Name Storage account should use a private link connection
Id 6edd7eda-6dd8-40f7-810d-67160c639cd9
Version 1.0.0
Category Storage
Description Private links enforce secure communication, by providing private connectivity to the storage account
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
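Effect Default: AuditIfNotExists (audit only: a storage account with no private endpoint connection in the Succeeded/Approved state is reported as non-compliant; nothing is blocked or remediated)
Allowed: (AuditIfNotExists, Disabled)
Note: the rule below checks only for such a private endpoint connection; it does not evaluate whether public network access to the storage account is restricted, so a compliant result does not by itself mean the account is reachable only over the private link.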
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-08-18 14:06:57 add 6edd7eda-6dd8-40f7-810d-67160c639cd9
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Deprecated]: Azure Security Benchmark v2 bb522ac1-bc39-4957-b194-429bcd3bcb0b Regulatory Compliance Deprecated
Azure Security Benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA
Json
{
  "properties": {
    "displayName": "Storage account should use a private link connection",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Private links enforce secure communication, by providing private connectivity to the storage account",
    "metadata": {
      "version": "1.0.0",
      "category": "Storage"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Storage/storageAccounts"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Storage/storageAccounts/privateEndpointConnections",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/privateEndpoint",
                "exists": "true"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/provisioningState",
                "equals": "Succeeded"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState",
                "exists": "true"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status",
                "equals": "Approved"
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "6edd7eda-6dd8-40f7-810d-67160c639cd9"
}