AzPolicyAdvertizer

last sync: 2025-Aug-11 17:27:45 UTC

[Deprecated]: Azure firewall policy should enable TLS inspection within application rules

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Azure firewall policy should enable TLS inspection within application rules
Id a58ac66d-92cb-409c-94b8-8e48d7a96596
Version 1.1.0-deprecated
Details on versioning
Versioning Versions supported for Versioning: 2
1.1.0 (1.1.0-deprecated)
1.0.0
Built-in Versioning [Preview]
Category Network
Microsoft Learn
Description This policy is deprecated because Microsoft 365 App Compliance Program no longer requires Azure Firewall as the only network security control solution. Learn more details about the latest M365 APP Compliance requirements about network security controls at aka.ms/acat-cert2-seg-ops-nsc. Learn more about policy definition deprecation at aka.ms/policydefdeprecation.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode All
Type BuiltIn
Preview False
Deprecated True
Effect Default
Disabled
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*] Microsoft.Network firewallPolicies/ruleCollectionGroups properties.ruleCollections[*] True False
Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*].FirewallPolicyFilterRuleCollection.rules[*] Microsoft.Network firewallPolicies/ruleCollectionGroups properties.ruleCollections[*].rules[*] True False
Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*].FirewallPolicyFilterRuleCollection.rules[*].ApplicationRule.terminateTLS Microsoft.Network firewallPolicies/ruleCollectionGroups properties.ruleCollections[*].rules[*].terminateTLS True False
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage
Rows: 1-1 / 1
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
Enforce recommended guardrails for Network and Networking services Enforce-Guardrails-Network Network GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-06-14 18:20:16 change Minor, new suffix: deprecated (1.0.0 > 1.1.0-deprecated)
2022-08-12 16:33:43 add a58ac66d-92cb-409c-94b8-8e48d7a96596
JSON compare
compare mode: version left: version right:
1.0.0 → 1.1.0-deprecated RENAMED
@@ -1,12 +1,13 @@
1
  {
2
- "displayName": "Azure firewall policy should enable TLS inspection within application rules",
3
  "policyType": "BuiltIn",
4
  "mode": "All",
5
  "description": "Enabling TLS inspection is recommended for all application rules to detect, alert, and mitigate malicious activity in HTTPS. To learn more about TLS inspection with Azure Firewall, visit https://aka.ms/fw-tlsinspect",
6
  "metadata": {
7
- "version": "1.0.0",
8
- "category": "Network"
 
9
  },
10
  "parameters": {
11
  "effect": {
12
  "type": "String",
@@ -18,9 +19,9 @@
18
  "Audit",
19
  "Deny",
20
  "Disabled"
21
  ],
22
- "defaultValue": "Audit"
23
  }
24
  },
25
  "policyRule": {
26
  "if": {
 
1
  {
2
+ "displayName": "[Deprecated]: Azure firewall policy should enable TLS inspection within application rules",
3
  "policyType": "BuiltIn",
4
  "mode": "All",
5
  "description": "Enabling TLS inspection is recommended for all application rules to detect, alert, and mitigate malicious activity in HTTPS. To learn more about TLS inspection with Azure Firewall, visit https://aka.ms/fw-tlsinspect",
6
  "metadata": {
7
+ "version": "1.1.0-deprecated",
8
+ "category": "Network",
9
+ "deprecated": true
10
  },
11
  "parameters": {
12
  "effect": {
13
  "type": "String",
 
19
  "Audit",
20
  "Deny",
21
  "Disabled"
22
  ],
23
+ "defaultValue": "Disabled"
24
  }
25
  },
26
  "policyRule": {
27
  "if": {
JSON
api-version=2021-06-01
EPAC 
{7 items
  • displayName: "[Deprecated]: Azure firewall policy should enable TLS inspection within application rules",
  • policyType: "BuiltIn",
  • mode: "All",
  • description: "This policy is deprecated because Microsoft 365 App Compliance Program no longer requires Azure Firewall as the only network security control solution. Learn more details about the latest M365 APP Compliance requirements about network security controls at aka.ms/acat-cert2-seg-ops-nsc. Learn more about policy definition deprecation at aka.ms/policydefdeprecation.",
  • metadata: {3 items
    • version: "1.1.0-deprecated",
    • category: "Network",
    • deprecated: true
    },
  • parameters: {1 item},
  • policyRule: {2 items
    • if: {1 item
      • allOf: [2 items
        • {2 items
          • field: "type",
          • equals: "Microsoft.Network/firewallPolicies/ruleCollectionGroups"
          },
        • {2 items
          • count: {2 items
            • field: "Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*]",
            • where: {2 items
              • count: {2 items
                • field: "Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*].FirewallPolicyFilterRuleCollection.rules[*]",
                • where: {2 items
                  • field: "Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*].FirewallPolicyFilterRuleCollection.rules[*].ApplicationRule.terminateTLS",
                  • equals: false
                  }
                },
              • greaterOrEquals: 1
              }
            },
          • greaterOrEquals: 1
          }
        ]
      },
    • then: {1 item
      • effect: "[parameters('effect')]"
      }
    }
}