AzPolicyAdvertizer

last sync: 2021-Aug-04 14:59:26 UTC

Azure Policy definition

Configure Cosmos DB database accounts to disable local authentication

Name Configure Cosmos DB database accounts to disable local authentication
Azure Portal

Id dc2d41d1-4ab1-4666-a3e1-3d51c43e0049

Version 1.0.0
details on versioning

Category Cosmos DB
Microsoft docs

Description Disable local authentication methods so that your Cosmos DB database accounts exclusively require Azure Active Directory identities for authentication. Learn more at: https://docs.microsoft.com/azure/cosmos-db/how-to-setup-rbac#disable-local-auth.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Modify
Allowed: (Modify, Disabled)

Used RBAC Role

Role Name	Role Id
DocumentDB Account Contributor	5bd9cd88-fe45-4216-938b-f97437e15450

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-07-07 15:26:31	add	dc2d41d1-4ab1-4666-a3e1-3d51c43e0049

Used in Initiatives none

JSON

{
  "properties": {
    "displayName": "Configure Cosmos DB database accounts to disable local authentication",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disable local authentication methods so that your Cosmos DB database accounts exclusively require Azure Active Directory identities for authentication. Learn more at: https://docs.microsoft.com/azure/cosmos-db/how-to-setup-rbac#disable-local-auth.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cosmos DB"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Modify",
          "Disabled"
        ],
        "defaultValue": "Modify"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DocumentDB/databaseAccounts"
          },
          {
            "field": "Microsoft.DocumentDB/databaseAccounts/disableLocalAuth",
            "notEquals": true
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450"
          ],
          "conflictEffect": "audit",
          "operations": [
            {
            "condition": "[greaterOrEquals(requestContext().apiVersion, '2021-06-15')]",
              "operation": "addOrReplace",
              "field": "Microsoft.DocumentDB/databaseAccounts/disableLocalAuth",
              "value": true
            }
          ]
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "dc2d41d1-4ab1-4666-a3e1-3d51c43e0049"
}