last sync: 2024-May-27 19:38:21 UTC

Storage Accounts should restrict network access through network ACL bypass configuration only.

Azure BuiltIn Policy definition

Source Azure Portal
Display name Storage Accounts should restrict network access through network ACL bypass configuration only.
Id 7809fda1-ba27-48c1-9c63-1f5aee46ba89
Version 1.0.0
Details on versioning
Category VirtualEnclaves
Microsoft Learn
Description To improve the security of Storage Accounts, enable access only through network ACL bypass. This policy should be used in combination with a private endpoint for storage account access.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (5)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Storage/storageAccounts/networkAcls.bypass Microsoft.Storage storageAccounts properties.networkAcls.bypass true
Microsoft.Storage/storageAccounts/networkAcls.defaultAction Microsoft.Storage storageAccounts properties.networkAcls.defaultAction true
Microsoft.Storage/storageAccounts/networkAcls.ipRules[*] Microsoft.Storage storageAccounts properties.networkAcls.ipRules[*] true
Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*] Microsoft.Storage storageAccounts properties.networkAcls.resourceAccessRules[*] false
Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*] Microsoft.Storage storageAccounts properties.networkAcls.virtualNetworkRules[*] true
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Control the use of Storage Accounts in a Virtual Enclave ca122c06-05f6-4423-9018-ccb523168eb2 VirtualEnclaves Preview BuiltIn
Date/Time (UTC ymd) (i) Change type Change detail
2024-02-27 19:10:20 add 7809fda1-ba27-48c1-9c63-1f5aee46ba89
JSON compare n/a