last sync: 2021-Oct-15 16:53:12 UTC

Azure Policy definition

Configure Azure IoT Hub to disable local authentication

Name Configure Azure IoT Hub to disable local authentication
Azure Portal
Id 9f8ba900-a70f-486e-9ffc-faf907305376
Version 1.0.0
details on versioning
Category Internet of Things
Microsoft docs
Description Disable local authentication methods so that your Azure IoT Hub exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/iothubdisablelocalauth.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Modify
Allowed: (Modify, Disabled)
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-09-08 15:39:57 add 9f8ba900-a70f-486e-9ffc-faf907305376
Used in Initiatives none
JSON
{
  "displayName": "Configure Azure IoT Hub to disable local authentication",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Disable local authentication methods so that your Azure IoT Hub exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/iothubdisablelocalauth.",
  "metadata": {
    "version": "1.0.0",
    "category": "Internet of Things"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Modify",
        "Disabled"
      ],
      "defaultValue": "Modify"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Devices/IotHubs"
        },
        {
          "field": "Microsoft.Devices/IotHubs/disableLocalAuth",
          "notEquals": true
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "conflictEffect": "audit",
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
        ],
        "operations": [
          {
            "condition": "[greaterOrEquals(requestContext().apiVersion, '2021-07-01')]",
            "operation": "addOrReplace",
            "field": "Microsoft.Devices/IotHubs/disableLocalAuth",
            "value": true
          }
        ]
      }
    }
  }
}