last sync: 2021-Mar-05 14:57:49 UTC

Azure Policy definition

API Management services should use a virtual network

Name API Management services should use a virtual network
Id ef619a2c-cc4d-4d03-b2ba-8c94a834d85b
Version 1.0.1
Category API Management
Description Azure Virtual Network deployment provides enhanced security, isolation and allows you to place your API Management service in a non-internet routable network that you control access to. These networks can then be connected to your on-premises networks using various VPN technologies, which enables access to your backend services within the network and/or on-premises. The developer portal and API gateway, can be configured to be accessible either from the Internet or only within the virtual network.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) | Change type | Change detail
2021-02-03 15:09:01 | change | Patch (1.0.0 > 1.0.1) *changes on text case sensitivity are not tracked
2020-05-29 15:39:09 | add | ef619a2c-cc4d-4d03-b2ba-8c94a834d85b
Used in Initiatives
Initiative DisplayName | Initiative Id | Initiative Category | State
[Deprecated]: Azure Security Benchmark v2 | bb522ac1-bc39-4957-b194-429bcd3bcb0b | Regulatory Compliance | Deprecated
Azure Security Benchmark | 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | Security Center | GA

Json
{
  "properties": {
    "displayName": "API Management services should use a virtual network",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Azure Virtual Network deployment provides enhanced security, isolation and allows you to place your API Management service in a non-internet routable network that you control access to. These networks can then be connected to your on-premises networks using various VPN technologies, which enables access to your backend services within the network and/or on-premises. The developer portal and API gateway, can be configured to be accessible either from the Internet or only within the virtual network.",
    "metadata": {
      "version": "1.0.1",
      "category": "API Management"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "evaluatedSkuNames": {
        "type": "Array",
        "metadata": {
          "displayName": "API Management SKU Names",
          "description": "List of API Management SKUs against which this policy will be evaluated."
        },
        "allowedValues": [
          "Developer",
          "Basic",
          "Standard",
          "Premium",
          "Consumption"
        ],
        "defaultValue": [
          "Developer",
          "Premium"
        ]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.ApiManagement/service"
          },
          {
            "field": "Microsoft.ApiManagement/service/sku.name",
            "in": "[parameters('evaluatedSkuNames')]"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.ApiManagement/service/virtualNetworkType",
                "exists": "false"
              },
              {
                "field": "Microsoft.ApiManagement/service/virtualNetworkType",
                "equals": "None"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "ef619a2c-cc4d-4d03-b2ba-8c94a834d85b"
}