last sync: 2020-Sep-25 13:37:27 UTC

Azure Policy

Ensure that 'Java version' is the latest, if used as a part of the Function app

Policy DisplayName Ensure that 'Java version' is the latest, if used as a part of the Function app
Policy Id 9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc
Policy Category App Service
Policy Description Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. Using the latest Java version for Function apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-02-08 03:50:24 change: DisplayName previous DisplayName: Ensure that 'Java version' is the latest, if used as a part of the Funtion app
2019-11-12 19:11:12 add: Policy 9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
[Preview]: NIST SP 800-171 R2 03055927-78bd-4236-86c0-f36125a10dc9
CIS Microsoft Azure Foundations Benchmark 1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d
[Preview]: Azure Security Benchmark 42a694ed-f65e-42b2-aa9e-8052e9740a92
[Deprecated]: DOD Impact Level 4 8d792a84-723c-4d92-a3c3-e4ed16a2d133
Policy Rule
{
  "properties": {
    "displayName": "Ensure that 'Java version' is the latest, if used as a part of the Function app",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. Using the latest Java version for Function apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version.",
    "metadata": {
      "version": "1.0.1",
      "category": "App Service"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "JavaLatestVersion": {
        "type": "String",
        "metadata": {
          "displayName": "Latest Java version",
          "description": "Latest supported Java version for App Services"
        },
        "defaultValue": "11"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Web/sites"
          },
          {
            "field": "kind",
            "like": "functionapp*"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Web/sites/config",
          "name": "web",
          "existenceCondition": {
            "anyOf": [
              {
                "allOf": [
                  {
                    "field": "Microsoft.Web/sites/config/web.linuxFxVersion",
                    "notContains": "JAVA"
                  },
                  {
                    "field": "Microsoft.Web/sites/config/web.javaVersion",
                    "equals": ""
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Web/sites/config/web.linuxFxVersion",
                  "like": "[concat('*', parameters('JavaLatestVersion'))]"
                  },
                  {
                    "field": "Microsoft.Web/sites/config/web.javaVersion",
                    "equals": ""
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Web/sites/config/web.linuxFxVersion",
                    "equals": ""
                  },
                  {
                    "field": "Microsoft.Web/sites/config/web.javaVersion",
                  "like": "[concat(parameters('JavaLatestVersion'), '*')]"
                  }
                ]
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"
}