AzPolicyAdvertizer

last sync: 2025-Oct-27 18:23:28 UTC

Storage Accounts should restrict CORS rules

Azure Landing Zones (ALZ) Policy definition

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-Storage-CorsRules
Deploy policy Deny-Storage-CorsRules (1.0.0) to Azure
Display name Storage Accounts should restrict CORS rules
Id Deny-Storage-CorsRules
Version 1.0.0
Details on versioning
Category Storage
Description Deny CORS rules for storage account for increased data exfiltration protection and endpoint protection.
Cloud environments AzureChinaCloud
AzureCloud
AzureUSGovernment
Mode All
Type Custom Azure Landing Zones (ALZ)
Preview False
Deprecated False
Effect Default
Deny
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (4)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/blobServices/cors.corsRules[*] Microsoft.Storage storageAccounts/blobServices properties.cors.corsRules[*] True True
Microsoft.Storage/storageAccounts/fileServices/cors.corsRules[*] Microsoft.Storage storageAccounts/fileServices properties.cors.corsRules[*] True False
Microsoft.Storage/storageAccounts/queueServices/cors.corsRules[*] Microsoft.Storage storageAccounts/queueServices properties.cors.corsRules[*] True False
Microsoft.Storage/storageAccounts/tableServices/cors.corsRules[*] Microsoft.Storage storageAccounts/tableServices properties.cors.corsRules[*] True False
Rule resource types IF (4)
Microsoft.Storage/storageAccounts/blobServices
Microsoft.Storage/storageAccounts/fileServices
Microsoft.Storage/storageAccounts/queueServices
Microsoft.Storage/storageAccounts/tableServices
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State
Enforce recommended guardrails for Storage Account Enforce-Guardrails-Storage Storage GA
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-06-03 17:39:43 add Deny-Storage-CorsRules
JSON compare n/a
JSON
EPAC
Deploy policy Deny-Storage-CorsRules (1.0.0) to Azure