last sync: 2021-May-17 14:22:45 UTC

Azure Policy definition

Azure Attestation providers should use private endpoints

Name Azure Attestation providers should use private endpoints
Id 7b256a2d-058b-41f8-bed9-3f870541c40a
Version 1.0.0
Category Attestation
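Description Private endpoints provide a way to connect Azure Attestation providers to your Azure resources without sending traffic over the public internet. By preventing public access, private endpoints help protect against undesired anonymous access. Note: the policy rule shown in the JSON on this page tests only that a private endpoint connection exists with provisioningState Succeeded and connection status Approved; it does not evaluate whether public network access to the provider is disabled, so a compliant result does not by itself show that the public endpoint is closed.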
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
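Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Neither allowed effect blocks or remediates: AuditIfNotExists only reports attestation providers that lack a matching private endpoint connection as non-compliant, and Disabled turns evaluation off.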
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-01-27 16:54:46 add 7b256a2d-058b-41f8-bed9-3f870541c40a
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Azure Attestation providers should use private endpoints",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Private endpoints provide a way to connect Azure Attestation providers to your Azure resources without sending traffic over the public internet. By preventing public access, private endpoints help protect against undesired anonymous access.",
    "metadata": {
      "version": "1.0.0",
      "category": "Attestation"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Attestation/attestationProviders"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Attestation/attestationProviders/privateEndpointConnections",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Attestation/attestationProviders/privateEndpointConnections/privateEndpoint",
                "exists": "true"
              },
              {
                "field": "Microsoft.Attestation/attestationProviders/privateEndpointConnections/provisioningState",
                "equals": "Succeeded"
              },
              {
                "field": "Microsoft.Attestation/attestationProviders/privateEndpointConnections/privateLinkServiceConnectionState.status",
                "equals": "Approved"
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/7b256a2d-058b-41f8-bed9-3f870541c40a",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "7b256a2d-058b-41f8-bed9-3f870541c40a"
}