AzPolicyAdvertizer

last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

Deploy network watcher when virtual networks are created

Name Deploy network watcher when virtual networks are created
Azure Portal
Id a9b99dd8-06c5-4317-8629-9d86a3c6e7d9
Version 1.0.0
details on versioning
Category Network
Microsoft docs
Description This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: DeployIfNotExists
Used RBAC Role
Role Name Role Id
Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7
History none
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA
JSON 
{
  "displayName": "Deploy network watcher when virtual networks are created",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.",
  "metadata": {
    "version": "1.0.0",
    "category": "Network"
  },
  "parameters": {},
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Network/virtualNetworks"
    },
    "then": {
      "effect": "DeployIfNotExists",
      "details": {
        "type": "Microsoft.Network/networkWatchers",
        "resourceGroupName": "networkWatcherRG",
        "existenceCondition": {
          "field": "location",
          "equals": "[field('location')]"
        },
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"
        ],
        "deployment": {
          "properties": {
            "mode": "incremental",
            "template": {
              "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "location": {
                  "type": "string"
                }
              },
              "resources": [
                {
                  "apiVersion": "2016-09-01",
                  "type": "Microsoft.Network/networkWatchers",
                  "name": "[concat('networkWatcher_', parameters('location'))]",
                  "location": "[parameters('location')]"
                }
              ]
            },
            "parameters": {
              "location": {
                "value": "[field('location')]"
              }
            }
          }
        }
      }
    }
  }
}