last sync: 2024-Jul-26 18:18:00 UTC

[Preview]: Control the use of App Service in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Control the use of App Service in a Virtual Enclave
Id: 528d78c5-246c-4f26-ade6-d30798705411
Version: 1.0.0-preview
Category: VirtualEnclaves
Description: This initiative deploys Azure policies for App Service ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
Type: BuiltIn
Deprecated: False
Preview: True
Policy count:
Total Policies: 44
Builtin Policies: 44
Static Policies: 0
Policy used
| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State |
| --- | --- | --- | --- | --- | --- | --- |
| App Service app slots should disable public network access | 701a595d-38fb-4a66-ae6d-fb3735217622 | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA |
| App Service app slots should have remote debugging turned off | a08ae1ab-8d1d-422b-a123-df82b307ba61 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service app slots should have resource logs enabled | d639b3af-a535-4bef-8dcf-15078cddf5e2 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service app slots should not have CORS configured to allow every resource to access your apps | cae7c12e-764b-4c87-841a-fdc6675d196f | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service app slots should only be accessible over HTTPS | ae1b9a8c-dfce-4605-bd91-69213b4a26fc | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA |
| App Service app slots should use latest 'HTTP Version' | 4dcfb8b5-05cd-4090-a931-2ec29057e1fc | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service app slots should use managed identity | 4a15c15f-90d5-4a1f-8b63-2903944963fd | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service app slots should use the latest TLS version | 4ee5b817-627a-435a-8932-116193268172 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps should disable public network access | 1b5ef780-c53c-4a64-87f3-bb9c8c8094ba | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA |
| App Service apps should have authentication enabled | 95bccee9-a7f8-4bec-9ee9-62c3473701fc | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps should have remote debugging turned off | cb510bfd-1cba-4d9f-a230-cb0976f4bb71 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps should have resource logs enabled | 91a78b24-f231-4a8a-8da9-02c35b2b6510 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps should not have CORS configured to allow every resource to access your apps | 5744710e-cc2f-4ee8-8809-3b11e89f4bc9 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps should only be accessible over HTTPS | a4af4a39-4135-47fb-b175-47fbdf85311d | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA |
| App Service apps should use latest 'HTTP Version' | 8c122334-9d20-4eb8-89ea-ac9a705b74ae | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps should use managed identity | 2b9ad585-36bc-4615-b300-fd4435808332 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps that use Java should use a specified 'Java version' | 496223c3-ad65-4ecd-878a-bae78737e9ed | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps that use PHP should use a specified 'PHP version' | 7261b898-8a84-4db8-9e04-18527132abb3 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps that use Python should use a specified 'Python version' | 7008174a-fd10-4ef0-817e-fc820a951d73 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service Environment should be provisioned with latest versions | eb4d34ab-0929-491c-bbf3-61e13da19f9a | App Service | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| App Service Environment should have internal encryption enabled | fb74e86f-d351-4b8d-b034-93da7391c01f | App Service | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Configure App Service app slots to disable public network access | c6c3e00e-d414-4ca4-914f-406699bb8eee | App Service | Default: Modify; Allowed: Modify, Disabled | 3 | Managed Identity Operator, Network Contributor, Website Contributor | GA |
| Configure App Service app slots to only be accessible over HTTPS | a18c77f2-3d6d-497a-9f61-849a7e8a3b79 | App Service | Default: Modify; Allowed: Modify, Disabled | 1 | Website Contributor | GA |
| Configure App Service app slots to turn off remote debugging | cca5adfe-626b-4cc6-8522-f5b6ed2391bd | App Service | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Website Contributor | GA |
| Configure App Service apps to disable public network access | 2374605e-3e0b-492b-9046-229af202562c | App Service | Default: Modify; Allowed: Modify, Disabled | 3 | Managed Identity Operator, Network Contributor, Website Contributor | GA |
| Configure App Service apps to only be accessible over HTTPS | 0f98368e-36bc-4716-8ac2-8f8067203b63 | App Service | Default: Modify; Allowed: Modify, Disabled | 1 | Website Contributor | GA |
| Configure Function app slots to disable public network access | 242222f3-4985-4e99-b5ef-086d6a6cb01c | App Service | Default: Modify; Allowed: Modify, Disabled | 3 | Managed Identity Operator, Network Contributor, Website Contributor | GA |
| Configure Function app slots to only be accessible over HTTPS | 08cf2974-d178-48a0-b26d-f6b8e555748b | App Service | Default: Modify; Allowed: Modify, Disabled | 1 | Website Contributor | GA |
| Configure Function app slots to turn off remote debugging | 70adbb40-e092-42d5-a6f8-71c540a5efdb | App Service | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Website Contributor | GA |
| Configure Function apps to disable public network access | cd794351-e536-40f4-9750-503a463d8cad | App Service | Default: Modify; Allowed: Modify, Disabled | 3 | Managed Identity Operator, Network Contributor, Website Contributor | GA |
| Configure Function apps to only be accessible over HTTPS | a096cbd0-4693-432f-9374-682f485f23f3 | App Service | Default: Modify; Allowed: Modify, Disabled | 1 | Website Contributor | GA |
| Configure Function apps to turn off remote debugging | 25a5046c-c423-4805-9235-e844ae9ef49b | App Service | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Website Contributor | GA |
| Function app slots should disable public network access | 11c82d0c-db9f-4d7b-97c5-f3f9aa957da2 | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA |
| Function app slots should have remote debugging turned off | 89691ef9-8c50-49a8-8950-9c7fba41699e | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Function app slots should not have CORS configured to allow every resource to access your apps | a1a22235-dd10-4062-bd55-7d62778f41b0 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Function app slots should only be accessible over HTTPS | 5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71 | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA |
| Function apps should disable public network access | 969ac98b-88a8-449f-883c-2e9adb123127 | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA |
| Function apps should have authentication enabled | c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Function apps should have remote debugging turned off | 0e60b895-3786-45da-8377-9c6b4b6ac5f9 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Function apps should not have CORS configured to allow every resource to access your apps | 0820b7b9-23aa-4725-a1ce-ae4558f718e5 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Function apps should only be accessible over HTTPS | 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA |
| Function apps should use managed identity | 0da106f2-4ca3-48e8-bc85-c638fe6aea8f | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Function apps that use Java should use a specified 'Java version' | 9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Function apps that use Python should use a specified 'Python version' | 7238174a-fd10-4ef0-817e-fc820a951d73 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
Roles used
Total Roles usage: 19
Total Roles unique usage: 3

| Role | Role Id | Policies count | Policies |
| --- | --- | --- | --- |
| Website Contributor | de139f84-1756-47ae-9be6-808fbbe84772 | 11 | Configure App Service app slots to disable public network access, Configure App Service app slots to only be accessible over HTTPS, Configure App Service app slots to turn off remote debugging, Configure App Service apps to disable public network access, Configure App Service apps to only be accessible over HTTPS, Configure Function app slots to disable public network access, Configure Function app slots to only be accessible over HTTPS, Configure Function app slots to turn off remote debugging, Configure Function apps to disable public network access, Configure Function apps to only be accessible over HTTPS, Configure Function apps to turn off remote debugging |
| Network Contributor | 4d97b98b-1d4f-4787-a291-c67834d212e7 | 4 | Configure App Service app slots to disable public network access, Configure App Service apps to disable public network access, Configure Function app slots to disable public network access, Configure Function apps to disable public network access |
| Managed Identity Operator | f1a07417-d97a-45cb-824c-7a7467783830 | 4 | Configure App Service app slots to disable public network access, Configure App Service apps to disable public network access, Configure Function app slots to disable public network access, Configure Function apps to disable public network access |
History
| Date/Time (UTC ymd) | Changes |
| --- | --- |
| 2024-01-17 19:06:27 | add Initiative 528d78c5-246c-4f26-ade6-d30798705411 |