last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

[Preview]: Azure Recovery Services vaults should use private link

Name [Preview]: Azure Recovery Services vaults should use private link
Azure Portal
Id deeddb44-9f94-4903-9fa0-081d524406e3
Version 1.0.0-preview
details on versioning
Category Backup
Microsoft docs
Description Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Azure Recovery Services vaults, data leakage risks are reduced. Learn more about private links at: https://aka.ms/AB-PrivateEndpoints.
Mode Indexed
Type BuiltIn
Preview True
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-09 14:37:41 add deeddb44-9f94-4903-9fa0-081d524406e3
Used in Initiatives none
JSON
{
  "properties": {
  "displayName": "[Preview]: Azure Recovery Services vaults should use private link",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Azure Recovery Services vaults, data leakage risks are reduced. Learn more about private links at: https://aka.ms/AB-PrivateEndpoints.",
    "metadata": {
      "version": "1.0.0-preview",
      "preview": true,
      "category": "Backup"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.RecoveryServices/vaults"
          },
          {
            "count": {
            "field": "Microsoft.RecoveryServices/vaults/privateEndpointConnections[*]",
              "where": {
                "allOf": [
                  {
                  "field": "Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].privateLinkServiceConnectionState.status",
                    "equals": "Approved"
                  },
                  {
                  "field": "Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].provisioningState",
                    "equals": "Succeeded"
                  }
                ]
              }
            },
            "less": 1
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/deeddb44-9f94-4903-9fa0-081d524406e3",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "deeddb44-9f94-4903-9fa0-081d524406e3"
}