AzPolicyAdvertizer

last sync: 2022-Oct-03 16:35:36 UTC

Azure Policy definition

Container registries should have local admin account disabled.

Name

Container registries should have local admin account disabled.
Azure Portal

dc921057-6b28-4fbe-9b83-f7bec05db6c2

Version

1.0.1
details on versioning

Category

Container Registry
Microsoft docs

Description

Disable admin account for your registry so that it is not accessible by local admin. Disabling local authentication methods like admin user, repository scoped access tokens and anonymous pull improves security by ensuring that container registries exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/acr/authentication.

Mode

Indexed

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Default: Audit
Allowed: (Audit, Deny, Disabled)

Used RBAC Role

none

Rule Aliases

IF (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.ContainerRegistry/registries/adminUserEnabled	Microsoft.ContainerRegistry	registries	properties.adminUserEnabled	true

Rule ResourceTypes

IF (1)
Microsoft.ContainerRegistry/registries

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-02-11 18:30:22	change	Patch (1.0.0 > 1.0.1) *changes on text case sensitivity are not tracked
2021-06-15 14:05:41	add	dc921057-6b28-4fbe-9b83-f7bec05db6c2

Used in Initiatives

none

JSON Changes

Visual JSON JSON (Annotated)

Show unchanged values

JSON

AzPolicyAdvertizer

Azure Policy definition

Container registries should have local admin account disabled.

JSON Left

JSON Right