AzPolicyAdvertizer

last sync: 2020-Sep-30 14:32:32 UTC

Azure Policy

Deploy Advanced Threat Protection for Cosmos DB Accounts

Policy DisplayName Deploy Advanced Threat Protection for Cosmos DB Accounts

Policy Id b5f04e03-92a3-4b09-9410-2cc5e5047656

Policy Category Cosmos DB

Policy Description This policy enables Advanced Threat Protection across Cosmos DB accounts.

Policy Mode Indexed

Policy Type BuiltIn

Policy in Preview FALSE

Policy Deprecated FALSE

Policy Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists,Disabled)

Roles used

Role Name	Role Id
Security Admin	fb1c8493-542b-48eb-b624-b4c8fea62acd

Policy Changes no changes

Used in Policy Initiative(s) none

Policy Rule

{
  "properties": {
    "displayName": "Deploy Advanced Threat Protection for Cosmos DB Accounts",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy enables Advanced Threat Protection across Cosmos DB accounts.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cosmos DB"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.DocumentDB/databaseAccounts"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/advancedThreatProtectionSettings",
          "name": "current",
          "existenceCondition": {
            "field": "Microsoft.Security/advancedThreatProtectionSettings/isEnabled",
            "equals": "true"
          },
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "cosmosDbAccountName": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                    "apiVersion": "2019-01-01",
                    "type": "Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings",
                  "name": "[concat(parameters('cosmosDbAccountName'), '/Microsoft.Security/current')]",
                    "properties": {
                      "isEnabled": true
                    }
                  }
                ]
              },
              "parameters": {
                "cosmosDbAccountName": {
                "value": "[field('name')]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "b5f04e03-92a3-4b09-9410-2cc5e5047656"
}

Azure Policy

Deploy Advanced Threat Protection for Cosmos DB Accounts

Popular