last sync: 2020-Sep-30 14:32:32 UTC

Azure Policy

Deploy Advanced Threat Protection for Cosmos DB Accounts

Policy DisplayName Deploy Advanced Threat Protection for Cosmos DB Accounts
Policy Id b5f04e03-92a3-4b09-9410-2cc5e5047656
Policy Category Cosmos DB
Policy Description This policy enables Advanced Threat Protection across Cosmos DB accounts.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
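Policy Effect Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled
Note: DeployIfNotExists runs its deployment when a matching Cosmos DB account is created or updated; accounts that already existed and are non-compliant at assignment time are changed only by a remediation task.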
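Roles used (Role Name: Role Id)
Security Admin: fb1c8493-542b-48eb-b624-b4c8fea62acd
This is the role definition listed under roleDefinitionIds in the policy rule below; the managed identity of the policy assignment needs this role to run the deployment.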
Policy Changes no changes
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Deploy Advanced Threat Protection for Cosmos DB Accounts",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy enables Advanced Threat Protection across Cosmos DB accounts.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cosmos DB"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.DocumentDB/databaseAccounts"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/advancedThreatProtectionSettings",
          "name": "current",
          "existenceCondition": {
            "field": "Microsoft.Security/advancedThreatProtectionSettings/isEnabled",
            "equals": "true"
          },
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "cosmosDbAccountName": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                    "apiVersion": "2019-01-01",
                    "type": "Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings",
                  "name": "[concat(parameters('cosmosDbAccountName'), '/Microsoft.Security/current')]",
                    "properties": {
                      "isEnabled": true
                    }
                  }
                ]
              },
              "parameters": {
                "cosmosDbAccountName": {
                "value": "[field('name')]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "b5f04e03-92a3-4b09-9410-2cc5e5047656"
}