AzPolicyAdvertizer

last sync: 2025-Jul-25 17:39:48 UTC

Prevent subnets without NSG

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Deploy policy 74c23fa8-5cea-413e-bf2c-8226f7728a46 (1.0.0) to Azure
Display name Prevent subnets without NSG
Id 74c23fa8-5cea-413e-bf2c-8226f7728a46
Version 1.0.0
Details on versioning
Category Network
Microsoft Learn
Description This policy prevents subnets without an NSG attached to them.
Mode All
Type Custom Community
Effect Default
Audit
Allowed
Deny, Audit, Disabled
RBAC role(s) none
Rule aliases IF (6)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id Microsoft.Network virtualNetworks/subnets properties.networkSecurityGroup.id True True
Microsoft.Network/virtualNetworks/subnets/privateEndpoints[*] Microsoft.Network virtualNetworks/subnets properties.privateEndpoints[*] True False
Microsoft.Network/virtualNetworks/subnets[*] Microsoft.Network virtualNetworks properties.subnets[*] True False
Microsoft.Network/virtualNetworks/subnets[*].name Microsoft.Network virtualNetworks properties.subnets[*].name True False
Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id Microsoft.Network virtualNetworks properties.subnets[*].properties.networkSecurityGroup.id True True
Microsoft.Network/virtualNetworks/subnets[*].privateEndpoints[*] Microsoft.Network virtualNetworks properties.subnets[*].properties.privateEndpoints[*] True False
Rule resource types IF (2)
Microsoft.Network/virtualNetworks
Microsoft.Network/virtualNetworks/subnets
JSON
EPAC
Deploy policy 74c23fa8-5cea-413e-bf2c-8226f7728a46 (1.0.0) to Azure