AzPolicyAdvertizer

last sync: 2021-Aug-04 14:59:26 UTC

Azure Policy definition

Configure container registries to disable local authentication.

Name Configure container registries to disable local authentication.
Azure Portal

Id 79fdfe03-ffcb-4e55-b4d0-b925b8241759

Version 1.0.0
details on versioning

Category Container Registry
Microsoft docs

Description Disable local authentication so that your container registries exclusively require Azure Active Directory identities for authentication. Learn more about at: https://aka.ms/acr/authentication.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Modify
Allowed: (Modify, Disabled)

Used RBAC Role

Role Name	Role Id
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-06-15 14:05:41	add	79fdfe03-ffcb-4e55-b4d0-b925b8241759

Used in Initiatives none

JSON

{
  "properties": {
    "displayName": "Configure container registries to disable local authentication.",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disable local authentication so that your container registries exclusively require Azure Active Directory identities for authentication. Learn more about at: https://aka.ms/acr/authentication.",
    "metadata": {
      "version": "1.0.0",
      "category": "Container Registry"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Modify",
          "Disabled"
        ],
        "defaultValue": "Modify"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.ContainerRegistry/registries"
          },
          {
            "field": "Microsoft.ContainerRegistry/registries/adminUserEnabled",
            "equals": true
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "conflictEffect": "audit",
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "operations": [
            {
              "operation": "addOrReplace",
              "field": "Microsoft.ContainerRegistry/registries/adminUserEnabled",
              "value": false
            }
          ]
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "79fdfe03-ffcb-4e55-b4d0-b925b8241759"
}