last sync: 2021-Jan-27 16:54:46 UTC

Azure Policy definition

Network Watcher should be enabled

Name Network Watcher should be enabled
Id b6e2945c-0b7b-40f5-9233-7a5323b5cdc6
Version 1.1.0
Category Network
Description Network Watcher is a regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. Scenario level monitoring enables you to diagnose problems at an end to end network level view. Network diagnostic and visualization tools available with Network Watcher help you understand, diagnose, and gain insights to your network in Azure.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: auditIfNotExists
Used RBAC Role none
History none
Used in Initiatives
Initiative DisplayName | Initiative Id | Initiative Category | State
[Deprecated]: Azure Security Benchmark v1 | 42a694ed-f65e-42b2-aa9e-8052e9740a92 | Regulatory Compliance | Deprecated
[Deprecated]: Azure Security Benchmark v2 | bb522ac1-bc39-4957-b194-429bcd3bcb0b | Regulatory Compliance | Deprecated
[Deprecated]: DOD Impact Level 4 | 8d792a84-723c-4d92-a3c3-e4ed16a2d133 | Regulatory Compliance | Deprecated
[Preview]: CMMC Level 3 | b5629c75-5c77-4422-87b9-2509e680f8de | Regulatory Compliance | Preview
[Preview]: NIST SP 800-171 R2 | 03055927-78bd-4236-86c0-f36125a10dc9 | Regulatory Compliance | Preview
CIS Microsoft Azure Foundations Benchmark 1.1.0 | 1a5bb27d-173f-493e-9568-eb56638dde4d | Regulatory Compliance | GA
HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA
Json
{
  "properties": {
    "displayName": "Network Watcher should be enabled",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Network Watcher is a regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. Scenario level monitoring enables you to diagnose problems at an end to end network level view. Network diagnostic and visualization tools available with Network Watcher help you understand, diagnose, and gain insights to your network in Azure.",
    "metadata": {
      "version": "1.1.0",
      "category": "Network"
    },
    "parameters": {
      "listOfLocations": {
        "type": "Array",
        "metadata": {
          "displayName": "Locations",
          "description": "Audit if Network Watcher is not enabled for region(s).",
          "strongType": "location"
        }
      },
      "resourceGroupName": {
        "type": "String",
        "metadata": {
          "displayName": "NetworkWatcher resource group name",
          "description": "Name of the resource group of NetworkWatcher, such as NetworkWatcherRG. This is the resource group where the Network Watchers are located."
        },
        "defaultValue": "NetworkWatcherRG"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions"
      },
      "then": {
        "effect": "auditIfNotExists",
        "details": {
          "type": "Microsoft.Network/networkWatchers",
          "resourceGroupName": "[parameters('resourceGroupName')]",
          "existenceCondition": {
            "field": "location",
            "in": "[parameters('listOfLocations')]"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"
}