last sync: 2025-Feb-14 18:36:58 UTC

Azure Kubernetes Service Clusters should disable Command Invoke

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure Kubernetes Service Clusters should disable Command Invoke
Id 89f2d532-c53c-4f8f-9afa-4927b1114a0d
Version 1.0.1
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.1
Built-in Versioning [Preview]
Category Kubernetes
Microsoft Learn
Description Disabling command invoke can enhance the security by avoiding bypass of restricted network access or Kubernetes role-based access control
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.ContainerService/managedClusters/apiServerAccessProfile.disableRunCommand Microsoft.ContainerService managedClusters properties.apiServerAccessProfile.disableRunCommand True False
Rule resource types IF (1)
Microsoft.ContainerService/managedClusters
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: Control the use of AKS in a Virtual Enclave d300338e-65d1-4be3-b18e-fb4ce5715a8f VirtualEnclaves Preview BuiltIn true
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-10-21 16:42:13 change Patch (1.0.0 > 1.0.1)
2022-04-01 20:29:14 add 89f2d532-c53c-4f8f-9afa-4927b1114a0d
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC