last sync: 2020-Dec-03 15:30:53 UTC

Azure Policy definition

Virtual network injection should be enabled for Azure Data Explorer

Name Virtual network injection should be enabled for Azure Data Explorer
Azure Portal
Id 9ad2fd1f-b25f-47a2-aa01-1a5a779e6413
Version 1.0.0
details on versioning
Category Azure Data Explorer
Microsoft docs
Description Secure your network perimeter with virtual network injection which allows you to enforce network security group rules, connect on-premises and secure your data connection sources with service endpoints.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-11-10 16:00:42 add 9ad2fd1f-b25f-47a2-aa01-1a5a779e6413
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Virtual network injection should be enabled for Azure Data Explorer",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Secure your network perimeter with virtual network injection which allows you to enforce network security group rules, connect on-premises and secure your data connection sources with service endpoints.",
    "metadata": {
      "version": "1.0.0",
      "category": "Azure Data Explorer"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Kusto/Clusters"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.Kusto/clusters/virtualNetworkConfiguration",
                "exists": false
              },
              {
                "field": "Microsoft.Kusto/clusters/virtualNetworkConfiguration.subnetId",
                "exists": false
              },
              {
                "field": "Microsoft.Kusto/clusters/virtualNetworkConfiguration.enginePublicIpId",
                "exists": false
              },
              {
                "field": "Microsoft.Kusto/clusters/virtualNetworkConfiguration.dataManagementPublicIpId",
                "exists": false
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/9ad2fd1f-b25f-47a2-aa01-1a5a779e6413",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "9ad2fd1f-b25f-47a2-aa01-1a5a779e6413"
}