last sync: 2020-Dec-02 15:37:49 UTC

Azure Policy definition

Storage account should use a private link connection

Name Storage account should use a private link connection
Id 6edd7eda-6dd8-40f7-810d-67160c639cd9
Version 1.0.0
Category Storage
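Description Private links enforce secure communication, by providing private connectivity to the storage account
Note: the rule shown below marks a storage account compliant as soon as one private endpoint connection exists with provisioningState "Succeeded" and connection status "Approved". It does not evaluate the account's public endpoint, so a compliant account can still be reachable from public networks unless its firewall default action or public network access setting is restricted and audited separately.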
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
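Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Both allowed effects are non-enforcing: AuditIfNotExists only reports non-compliant storage accounts, and Disabled turns evaluation off. The definition offers no Deny or DeployIfNotExists effect, so it neither blocks nor remediates accounts that lack a private endpoint.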
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-08-18 14:06:57 add 6edd7eda-6dd8-40f7-810d-67160c639cd9
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Storage account should use a private link connection",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Private links enforce secure communication, by providing private connectivity to the storage account",
    "metadata": {
      "version": "1.0.0",
      "category": "Storage"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Storage/storageAccounts"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Storage/storageAccounts/privateEndpointConnections",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/privateEndpoint",
                "exists": "true"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/provisioningState",
                "equals": "Succeeded"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState",
                "exists": "true"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status",
                "equals": "Approved"
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "6edd7eda-6dd8-40f7-810d-67160c639cd9"
}