AzPolicyAdvertizer

last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

Configure Azure Cognitive Search services to disable public network access

Name Configure Azure Cognitive Search services to disable public network access
Azure Portal

Id 9cee519f-d9c1-4fd9-9f79-24ec3449ed30

Version 1.0.0
details on versioning

Category Search
Microsoft docs

Description Disable public network access for your Azure Cognitive Search service so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Modify
Allowed: (Modify, Disabled)

Used RBAC Role

Role Name	Role Id
Network Contributor	4d97b98b-1d4f-4787-a291-c67834d212e7
Search Service Contributor	7ca78c08-252a-4471-8644-bb5ff32d4ba0

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-03-09 14:37:41	add	9cee519f-d9c1-4fd9-9f79-24ec3449ed30

Used in Initiatives none

JSON

{
  "properties": {
    "displayName": "Configure Azure Cognitive Search services to disable public network access",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disable public network access for your Azure Cognitive Search service so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.",
    "metadata": {
      "category": "Search",
      "version": "1.0.0"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Modify",
          "Disabled"
        ],
        "defaultValue": "Modify"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Search/searchServices"
          },
          {
            "field": "Microsoft.Search/searchServices/publicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "conflictEffect": "audit",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
            "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0"
          ],
          "operations": [
            {
              "operation": "addOrReplace",
              "field": "Microsoft.Search/searchServices/publicNetworkAccess",
              "value": "Disabled"
            }
          ]
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "9cee519f-d9c1-4fd9-9f79-24ec3449ed30"
}