AzPolicyAdvertizer

last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

[Preview]: Azure Recovery Services vaults should use private link

Name [Preview]: Azure Recovery Services vaults should use private link
Azure Portal

Id deeddb44-9f94-4903-9fa0-081d524406e3

Version 1.0.0-preview
details on versioning

Category Backup
Microsoft docs

Description Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Azure Recovery Services vaults, data leakage risks are reduced. Learn more about private links at: https://aka.ms/AB-PrivateEndpoints.

Mode Indexed

Type BuiltIn

Preview True

Deprecated FALSE

Effect Default: Audit
Allowed: (Audit, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-03-09 14:37:41	add	deeddb44-9f94-4903-9fa0-081d524406e3

Used in Initiatives none

JSON

{
  "properties": {
  "displayName": "[Preview]: Azure Recovery Services vaults should use private link",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Azure Recovery Services vaults, data leakage risks are reduced. Learn more about private links at: https://aka.ms/AB-PrivateEndpoints.",
    "metadata": {
      "version": "1.0.0-preview",
      "preview": true,
      "category": "Backup"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.RecoveryServices/vaults"
          },
          {
            "count": {
            "field": "Microsoft.RecoveryServices/vaults/privateEndpointConnections[*]",
              "where": {
                "allOf": [
                  {
                  "field": "Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].privateLinkServiceConnectionState.status",
                    "equals": "Approved"
                  },
                  {
                  "field": "Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].provisioningState",
                    "equals": "Succeeded"
                  }
                ]
              }
            },
            "less": 1
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/deeddb44-9f94-4903-9fa0-081d524406e3",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "deeddb44-9f94-4903-9fa0-081d524406e3"
}