AzPolicyAdvertizer

last sync: 2025-Jul-25 17:39:48 UTC

Subnets must have an NSG and that NSG must have the same suffix as the subnet

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Deploy policy de1b0589-1706-4262-a4ae-de82aff55300 (1.0.0) to Azure
Display name Subnets must have an NSG and that NSG must have the same suffix as the subnet
Id de1b0589-1706-4262-a4ae-de82aff55300
Version 1.0.0
Details on versioning
Category Network
Microsoft Learn
Description This Policy requires that all subnets have an NSG and that the provisioned NSG shares the same suffix as it's attached Subnet.
Mode All
Type Custom Community
Effect Default
Audit
Allowed
Deny, Audit, Disabled
RBAC role(s) none
Rule aliases IF (4)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id Microsoft.Network virtualNetworks/subnets properties.networkSecurityGroup.id True True
Microsoft.Network/virtualNetworks/subnets[*] Microsoft.Network virtualNetworks properties.subnets[*] True False
Microsoft.Network/virtualNetworks/subnets[*].name Microsoft.Network virtualNetworks properties.subnets[*].name True False
Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id Microsoft.Network virtualNetworks properties.subnets[*].properties.networkSecurityGroup.id True True
Rule resource types IF (2)
Microsoft.Network/virtualNetworks
Microsoft.Network/virtualNetworks/subnets
JSON
EPAC
Deploy policy de1b0589-1706-4262-a4ae-de82aff55300 (1.0.0) to Azure