AzPolicyAdvertizer

last sync: 2021-Jan-25 16:07:05 UTC

Azure Policy definition

App Configuration should use private link

Name App Configuration should use private link
Azure Portal
Id ca610c1d-041c-4332-9d88-7ed3094967c7
Version 1.0.2
details on versioning
Category App Configuration
Microsoft docs
Description Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The private link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to your app configuration instances instead of the entire service, you'll also be protected against data leakage risks. Learn more at: https://aka.ms/appconfig/private-endpoint.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-12-11 15:42:52 change Patch (1.0.1 > 1.0.2) *changes on text case sensitivity are not tracked
2020-02-12 02:52:44 add ca610c1d-041c-4332-9d88-7ed3094967c7
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Deprecated]: Azure Security Benchmark v2 bb522ac1-bc39-4957-b194-429bcd3bcb0b Regulatory Compliance Deprecated
Enable Monitoring in Azure Security Center 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA
JSON Changes

Json 
{
  "properties": {
    "displayName": "App Configuration should use private link",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The private link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to your app configuration instances instead of the entire service, you'll also be protected against data leakage risks. Learn more at: https://aka.ms/appconfig/private-endpoint.",
    "metadata": {
      "version": "1.0.2",
      "category": "App Configuration"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.AppConfiguration/configurationStores"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.AppConfiguration/configurationStores/privateEndpointConnections",
          "existenceCondition": {
            "field": "Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status",
            "equals": "Approved"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "ca610c1d-041c-4332-9d88-7ed3094967c7"
}