last sync: 2021-Aug-04 14:59:26 UTC

Azure Policy definition

Configure App Services to disable public network access

Name Configure App Services to disable public network access
Azure Portal
Id 81dff7c0-4020-4b58-955d-c076a2136b56
Version 1.0.0
details on versioning
Category App Service
Microsoft docs
Description Disable public network access for your App Services so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name Role Id
Website Contributor de139f84-1756-47ae-9be6-808fbbe84772
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-06-22 14:29:30 add 81dff7c0-4020-4b58-955d-c076a2136b56
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Configure App Services to disable public network access",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disable public network access for your App Services so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint.",
    "metadata": {
      "version": "1.0.0",
      "category": "App Service"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Web/sites"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Web/sites/config",
          "existenceCondition": {
            "field": "Microsoft.Web/sites/config/publicNetworkAccess",
            "equals": "Disabled"
          },
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "parameters": {
                "webAppName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "webAppName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                  "name": "[concat(parameters('webAppName'), '/web')]",
                    "type": "Microsoft.Web/sites/config",
                    "apiVersion": "2020-09-01",
                  "location": "[parameters('location')]",
                    "properties": {
                      "publicNetworkAccess": "Disabled"
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/81dff7c0-4020-4b58-955d-c076a2136b56",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "81dff7c0-4020-4b58-955d-c076a2136b56"
}