last sync: 2021-Nov-26 17:15:01 UTC

Azure Policy definition

Configure container registries to disable local authentication.

Name Configure container registries to disable local authentication.
Azure Portal
Id 79fdfe03-ffcb-4e55-b4d0-b925b8241759
Version 1.0.0
details on versioning
Category Container Registry
Microsoft docs
Description Disable local authentication so that your container registries exclusively require Azure Active Directory identities for authentication. Learn more about at: https://aka.ms/acr/authentication.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Modify
Allowed: (Modify, Disabled)
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-06-15 14:05:41 add 79fdfe03-ffcb-4e55-b4d0-b925b8241759
Used in Initiatives none
JSON
{
  "displayName": "Configure container registries to disable local authentication.",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Disable local authentication so that your container registries exclusively require Azure Active Directory identities for authentication. Learn more about at: https://aka.ms/acr/authentication.",
  "metadata": {
    "version": "1.0.0",
    "category": "Container Registry"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Modify",
        "Disabled"
      ],
      "defaultValue": "Modify"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.ContainerRegistry/registries"
        },
        {
          "field": "Microsoft.ContainerRegistry/registries/adminUserEnabled",
          "equals": true
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "conflictEffect": "audit",
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
        ],
        "operations": [
          {
            "operation": "addOrReplace",
            "field": "Microsoft.ContainerRegistry/registries/adminUserEnabled",
            "value": false
          }
        ]
      }
    }
  }
}