last sync: 2020-Sep-24 14:01:32 UTC

Azure Policy

Storage account should use a private link connection

Policy DisplayName Storage account should use a private link connection
Policy Id 6edd7eda-6dd8-40f7-810d-67160c639cd9
Policy Category Storage
Policy Description Private links enforce secure communication, by providing private connectivity to the storage account
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
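Policy Effect Default: AuditIfNotExists (audit only: a storage account without an approved private endpoint connection is reported as non-compliant; nothing is blocked or changed)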
Allowed: (AuditIfNotExists,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-08-18 14:06:57 add: Policy 6edd7eda-6dd8-40f7-810d-67160c639cd9
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Storage account should use a private link connection",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Private links enforce secure communication, by providing private connectivity to the storage account",
    "metadata": {
      "version": "1.0.0",
      "category": "Storage"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Storage/storageAccounts"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Storage/storageAccounts/privateEndpointConnections",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/privateEndpoint",
                "exists": "true"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/provisioningState",
                "equals": "Succeeded"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState",
                "exists": "true"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status",
                "equals": "Approved"
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "6edd7eda-6dd8-40f7-810d-67160c639cd9"
}