Source | Azure Portal | ||
Display name | Microsoft Managed Control 1627 - Boundary Protection | External Telecommunications Services | ||
Id | fd73310d-76fc-422d-bda4-3a077149f179 | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Communications Protection control | ||
Cloud environments | AzureCloud = true; AzureUSGovernment = true; AzureChinaCloud = unknown |
||
Available in AzUSGov | The Policy is available in AzureUSGovernment cloud. Version: '1.0.0' Repository: Azure-Policy fd73310d-76fc-422d-bda4-3a077149f179 |
||
Additional metadata |
Name/Id: ACF1627 / Microsoft Managed Control 1627
Category: System and Communications Protection
Title: Boundary Protection | External Telecommunications Services
Ownership: Microsoft
Description: The organization: Establishes a traffic flow policy for each managed interface;
Requirements: The Azure Networking team establishes routing policies and ACLs at the edge to only allow the export of 8075 public blocks to Azure's Border Gateway Protocol (BGP) peers. Edge Access Control Lists (ACLs) are applied inbound from all peering interfaces. The policy explicitly filters non-edge protocols such as SQL, RPC, 445, and 135-139 from entering the network from untrusted sources. Service teams running on top of the fabric customize the routing policies and ACLs necessary for their service. For instance, the Azure Portal needs to be externally accessible, but the JIT Portal does not. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2) |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||