AzPolicyAdvertizer

last sync: 2021-May-05 13:56:08 UTC

Azure Policy definition

Virtual network injection should be enabled for Azure Data Explorer

Name Virtual network injection should be enabled for Azure Data Explorer
Azure Portal

Id 9ad2fd1f-b25f-47a2-aa01-1a5a779e6413

Version 1.0.0
details on versioning

Category Azure Data Explorer
Microsoft docs

Description Secure your network perimeter with virtual network injection which allows you to enforce network security group rules, connect on-premises and secure your data connection sources with service endpoints.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Audit
Allowed: (Audit, Deny, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2020-11-10 16:00:42	add	9ad2fd1f-b25f-47a2-aa01-1a5a779e6413

Used in Initiatives none

JSON

{
  "properties": {
    "displayName": "Virtual network injection should be enabled for Azure Data Explorer",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Secure your network perimeter with virtual network injection which allows you to enforce network security group rules, connect on-premises and secure your data connection sources with service endpoints.",
    "metadata": {
      "version": "1.0.0",
      "category": "Azure Data Explorer"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Kusto/Clusters"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.Kusto/clusters/virtualNetworkConfiguration",
                "exists": false
              },
              {
                "field": "Microsoft.Kusto/clusters/virtualNetworkConfiguration.subnetId",
                "exists": false
              },
              {
                "field": "Microsoft.Kusto/clusters/virtualNetworkConfiguration.enginePublicIpId",
                "exists": false
              },
              {
                "field": "Microsoft.Kusto/clusters/virtualNetworkConfiguration.dataManagementPublicIpId",
                "exists": false
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/9ad2fd1f-b25f-47a2-aa01-1a5a779e6413",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "9ad2fd1f-b25f-47a2-aa01-1a5a779e6413"
}