AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

App Service apps should enable outbound non-RFC 1918 traffic to Azure Virtual Network

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

App Service apps should enable outbound non-RFC 1918 traffic to Azure Virtual Network

a691eacb-474d-47e4-b287-b4813ca44222

Version

1.0.0
Details on versioning

Category

App Service
Microsoft Learn

Description

By default, if one uses regional Azure Virtual Network (VNET) integration, the app only routes RFC1918 traffic into that respective virtual network. Using the API to set 'vnetRouteAllEnabled' to true enables all outbound traffic into the Azure Virtual Network. This setting allows features like network security groups and user defined routes to be used for all outbound traffic from the App Service app.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Deny, Disabled

RBAC role(s)

none

Rule aliases

IF (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Web/sites/vnetRouteAllEnabled	Microsoft.Web	sites	properties.vnetRouteAllEnabled	True		False

Rule resource types

IF (1)
Microsoft.Web/sites

Compliance

Not a Compliance control

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
Enforce recommended guardrails for App Service	Enforce-Guardrails-AppServices	App Service	GA	ALZ

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-12-21 17:43:51	add	a691eacb-474d-47e4-b287-b4813ca44222

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC