last sync: 2020-Sep-30 14:32:32 UTC

Azure Policy

Deploy network watcher when virtual networks are created

Policy DisplayName Deploy network watcher when virtual networks are created
Policy Id a9b99dd8-06c5-4317-8629-9d86a3c6e7d9
Policy Category Network
Policy Description This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Fixed: DeployIfNotExists
Roles used
Role Name Role Id
Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7
Policy Changes no changes
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab
Policy Rule
{
  "properties": {
    "displayName": "Deploy network watcher when virtual networks are created",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.",
    "metadata": {
      "version": "1.0.0",
      "category": "Network"
    },
    "parameters": {
      
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Network/virtualNetworks"
      },
      "then": {
        "effect": "DeployIfNotExists",
        "details": {
          "type": "Microsoft.Network/networkWatchers",
          "resourceGroupName": "networkWatcherRG",
          "existenceCondition": {
            "field": "location",
          "equals": "[field('location')]"
          },
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "location": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                    "apiVersion": "2016-09-01",
                    "type": "Microsoft.Network/networkWatchers",
                  "name": "[concat('networkWatcher_', parameters('location'))]",
                  "location": "[parameters('location')]"
                  }
                ]
              },
              "parameters": {
                "location": {
                "value": "[field('location')]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"
}