last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

Configure Azure Cognitive Search services to disable public network access

Name Configure Azure Cognitive Search services to disable public network access
Azure Portal
Id 9cee519f-d9c1-4fd9-9f79-24ec3449ed30
Version 1.0.0
details on versioning
Category Search
Microsoft docs
Description Disable public network access for your Azure Cognitive Search service so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Modify
Allowed: (Modify, Disabled)
Used RBAC Role
Role Name Role Id
Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7
Search Service Contributor 7ca78c08-252a-4471-8644-bb5ff32d4ba0
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-09 14:37:41 add 9cee519f-d9c1-4fd9-9f79-24ec3449ed30
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Configure Azure Cognitive Search services to disable public network access",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disable public network access for your Azure Cognitive Search service so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.",
    "metadata": {
      "category": "Search",
      "version": "1.0.0"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Modify",
          "Disabled"
        ],
        "defaultValue": "Modify"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Search/searchServices"
          },
          {
            "field": "Microsoft.Search/searchServices/publicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "conflictEffect": "audit",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
            "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0"
          ],
          "operations": [
            {
              "operation": "addOrReplace",
              "field": "Microsoft.Search/searchServices/publicNetworkAccess",
              "value": "Disabled"
            }
          ]
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "9cee519f-d9c1-4fd9-9f79-24ec3449ed30"
}