last sync: 2024-Mar-01 17:50:27 UTC

API endpoints that are unused should be disabled and removed from the Azure API Management service

Azure BuiltIn Policy definition

Source Azure Portal
Display name API endpoints that are unused should be disabled and removed from the Azure API Management service
Id c8acafaf-3d23-44d1-9624-978ef0f8652c
Version 1.0.1
Details on versioning
Category Security Center
Microsoft Learn
Description As a security best practice, API endpoints that haven't received traffic for 30 days are considered unused and should be removed from the Azure API Management service. Keeping unused API endpoints may pose a security risk to your organization. These may be APIs that should have been deprecated from the Azure API Management service but may have been accidentally left active. Such APIs typically do not receive the most up to date security coverage.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType DefaultPath Modifiable
microsoft.security/assessments/status.code Microsoft.Security assessments properties.status.code false
Rule resource types IF (1)
Microsoft.ApiManagement/service/apis/operations
Compliance
The following 1 compliance controls are associated with this Policy definition 'API endpoints that are unused should be disabled and removed from the Azure API Management service' (c8acafaf-3d23-44d1-9624-978ef0f8652c)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 AM-3 Azure_Security_Benchmark_v3.0_AM-3 Microsoft cloud security benchmark AM-3 Asset Management Ensure security of asset lifecycle management Shared **Security Principle:** Ensure security attributes or configurations of the assets are always updated during the asset lifecycle. **Azure Guidance:** Establish or update security policies/process that address asset lifecycle management processes for potentially high impact modifications. These modifications include changes to identity providers and access, data sensitivity, network configuration, and administrative privilege assignment. Remove Azure resources when they are no longer needed. **Implementation and additional context:** Delete Azure resource group and resource: https://docs.microsoft.com/azure/azure-resource-manager/management/delete-resource-group n/a link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
Microsoft cloud security benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-11-06 19:40:47 change Patch, old suffix: preview (1.0.0-preview > 1.0.1)
2023-08-03 17:56:09 add c8acafaf-3d23-44d1-9624-978ef0f8652c
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC