last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

Network interfaces should not have public IPs

Name Network interfaces should not have public IPs
Id 83a86a26-fd1f-447c-b59d-e51f44264114
Version 1.0.0
Category Network
Description This policy denies the network interfaces which are configured with any public IP. Public IP addresses allow internet resources to communicate inbound to Azure resources, and Azure resources to communicate outbound to the internet. This should be reviewed by the network security team.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: deny
Used RBAC Role none
History none
Used in Initiatives none
JSON
{
  "displayName": "Network interfaces should not have public IPs",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "This policy denies the network interfaces which are configured with any public IP. Public IP addresses allow internet resources to communicate inbound to Azure resources, and Azure resources to communicate outbound to the internet. This should be reviewed by the network security team.",
  "metadata": {
    "version": "1.0.0",
    "category": "Network"
  },
  "parameters": {},
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Network/networkInterfaces"
        },
        {
          "not": {
            "field": "Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id",
            "notLike": "*"
          }
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
}