AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

Configure CosmosDB accounts to disable public network access

Azure BuiltIn Policy definition

Source Azure Portal
Display name Configure CosmosDB accounts to disable public network access
Id da69ba51-aaf1-41e5-8651-607cd0b37088
Version 1.0.1
Details on versioning
Category Cosmos DB
Microsoft Learn
Description Disable public network access for your CosmosDB resource so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints#blocking-public-network-access-during-account-creation.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Modify
Allowed
Modify, Disabled
RBAC role(s)
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
DocumentDB Account Contributor 5bd9cd88-fe45-4216-938b-f97437e15450
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess Microsoft.DocumentDB databaseAccounts properties.publicNetworkAccess True True
THEN-Operations (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess Microsoft.DocumentDB databaseAccounts properties.publicNetworkAccess True True
Rule resource types IF (1)
Microsoft.DocumentDB/databaseAccounts
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Control the use of CosmosDB in a Virtual Enclave 6bd484ca-ae8d-46cf-9b33-e1feef84bfba VirtualEnclaves Preview BuiltIn
Enforce recommended guardrails for Cosmos DB Enforce-Guardrails-CosmosDb Cosmos DB GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-03-31 17:44:15 change Patch (1.0.0 > 1.0.1)
2021-03-09 14:37:41 add da69ba51-aaf1-41e5-8651-607cd0b37088
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC