last sync: 2021-Oct-15 16:53:12 UTC

Azure Policy definition

Configure Azure Defender for App Service to be enabled

Name Configure Azure Defender for App Service to be enabled
Azure Portal
Id b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d
Version 1.0.0
details on versioning
Category Security Center
Microsoft docs
Description Azure Defender for App Service leverages the scale of the cloud, and the visibility that Azure has as a cloud provider, to monitor for common web app attacks.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name Role Id
Security Admin fb1c8493-542b-48eb-b624-b4c8fea62acd
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-07-30 15:17:20 add b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d
Used in Initiatives none
JSON
{
  "displayName": "Configure Azure Defender for App Service to be enabled",
  "policyType": "BuiltIn",
  "mode": "All",
  "description": "Azure Defender for App Service leverages the scale of the cloud, and the visibility that Azure has as a cloud provider, to monitor for common web app attacks.",
  "metadata": {
    "version": "1.0.0",
    "category": "Security Center"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "DeployIfNotExists",
        "Disabled"
      ],
      "defaultValue": "DeployIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Resources/subscriptions"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Security/pricings",
        "name": "AppServices",
        "deploymentScope": "subscription",
        "existenceScope": "subscription",
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"
        ],
        "existenceCondition": {
          "field": "Microsoft.Security/pricings/pricingTier",
          "equals": "Standard"
        },
        "deployment": {
          "location": "westeurope",
          "properties": {
            "mode": "incremental",
            "parameters": {},
            "template": {
              "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {},
              "variables": {},
              "resources": [
                {
                  "type": "Microsoft.Security/pricings",
                  "apiVersion": "2018-06-01",
                  "name": "AppServices",
                  "properties": {
                    "pricingTier": "Standard"
                  }
                }
              ],
              "outputs": {}
            }
          }
        }
      }
    }
  }
}