AzPolicyAdvertizer

last sync: 2021-Aug-04 14:59:26 UTC

Azure Policy definition

Container registries should have local authentication methods disabled.

Name Container registries should have local authentication methods disabled.
Azure Portal
Id dc921057-6b28-4fbe-9b83-f7bec05db6c2
Version 1.0.0
details on versioning
Category Container Registry
Microsoft docs
Description Disabling local authentication methods improves security by ensuring that container registries exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/acr/authentication.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-06-15 14:05:41 add dc921057-6b28-4fbe-9b83-f7bec05db6c2
Used in Initiatives none
JSON 
{
  "properties": {
    "displayName": "Container registries should have local authentication methods disabled.",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disabling local authentication methods improves security by ensuring that container registries exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/acr/authentication.",
    "metadata": {
      "version": "1.0.0",
      "category": "Container Registry"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.ContainerRegistry/registries"
          },
          {
            "field": "Microsoft.ContainerRegistry/registries/adminUserEnabled",
            "equals": true
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "dc921057-6b28-4fbe-9b83-f7bec05db6c2"
}