AzPolicyAdvertizer

last sync: 2023-Sep-29 17:58:48 UTC

Azure Policy definition

API Management direct management endpoint should not be enabled

Source

Azure Portal

Display name

API Management direct management endpoint should not be enabled

b741306c-968e-4b67-b916-5675e5c709f4

Version

1.0.2
details on versioning

Category

API Management
Microsoft docs

Description

The direct management REST API in Azure API Management bypasses Azure Resource Manager role-based access control, authorization, and throttling mechanisms, thus increasing the vulnerability of your service.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Disabled, Deny

RBAC role(s)

none

Rule aliases

IF (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.ApiManagement/service/tenant/enabled	Microsoft.ApiManagement	service/tenant	properties.enabled	false

Rule resource types

IF (1)
Microsoft.ApiManagement/service/tenant

Compliance

The following 1 compliance controls are associated with this Policy definition 'API Management direct management endpoint should not be enabled' (b741306c-968e-4b67-b916-5675e5c709f4)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
Azure_Security_Benchmark_v3.0	PV-2	Azure_Security_Benchmark_v3.0_PV-2	Microsoft cloud security benchmark PV-2	Posture and Vulnerability Management	Audit and enforce secure configurations	Shared	Security Principle: Continuously monitor and alert when there is a deviation from the defined configuration baseline. Enforce the desired configuration according to the baseline configuration by denying the non-compliant configuration or deploy a configuration. Azure Guidance: Use Microsoft Defender for Cloud to configure Azure Policy to audit and enforce configurations of your Azure resources. Use Azure Monitor to create alerts when there is a configuration deviation detected on the resources. Use Azure Policy [deny] and [deploy if not exist] rule to enforce secure configuration across Azure resources. For resource configuration audit and enforcement not supported by Azure Policy, you may need to write your own scripts or use third-party tooling to implement the configuration audit and enforcement. Implementation and additional context: Understand Azure Policy effects: https://docs.microsoft.com/azure/governance/policy/concepts/effects Create and manage policies to enforce compliance: https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage Get compliance data of Azure resources: https://docs.microsoft.com/azure/governance/policy/how-to/get-compliance-data	n/a	link	26

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
Microsoft cloud security benchmark	1f3afdf9-d0c9-4c3d-847f-89da613e70a8	Security Center	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2023-03-31 17:44:15	change	Patch (1.0.1 > 1.0.2)
2022-07-08 16:32:07	change	Patch (1.0.0 > 1.0.1)
2022-06-17 16:31:08	add	b741306c-968e-4b67-b916-5675e5c709f4

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01