last sync: 2024-Jul-26 18:18:00 UTC

[Preview]: Control the use of CosmosDB in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Control the use of CosmosDB in a Virtual Enclave
Id: 6bd484ca-ae8d-46cf-9b33-e1feef84bfba
Version: 1.0.0-preview
Category: VirtualEnclaves
Description: This initiative deploys Azure policies for CosmosDB ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
Type: BuiltIn
Deprecated: False
Preview: True
Policy count: Total Policies: 8, Builtin Policies: 8, Static Policies: 0
Policy used

| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State |
|---|---|---|---|---|---|---|
| Azure Cosmos DB accounts should not exceed the maximum number of days allowed since last account key regeneration. | 9d83ccb1-f313-46ce-9d39-a198bfdb51a0 | Cosmos DB | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest | 1f905d99-2ab7-462c-a6b0-f709acca6c8f | Cosmos DB | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Azure Cosmos DB should disable public network access | 797b37f7-06b8-444c-b1ad-fc62867f335a | Cosmos DB | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Configure Cosmos DB database accounts to disable local authentication | dc2d41d1-4ab1-4666-a3e1-3d51c43e0049 | Cosmos DB | Default: Modify; Allowed: Modify, Disabled | 1 | DocumentDB Account Contributor | GA |
| Configure CosmosDB accounts to disable public network access | da69ba51-aaf1-41e5-8651-607cd0b37088 | Cosmos DB | Default: Modify; Allowed: Modify, Disabled | 2 | Contributor, DocumentDB Account Contributor | GA |
| Cosmos DB database accounts should have local authentication methods disabled | 5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 | Cosmos DB | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| CosmosDB accounts should use private link | 58440f8a-10c5-4151-bdce-dfbaad4a20b7 | Cosmos DB | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Deploy Advanced Threat Protection for Cosmos DB Accounts | b5f04e03-92a3-4b09-9410-2cc5e5047656 | Cosmos DB | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA |
Roles used

Total Roles usage: 4
Total Roles unique usage: 3

| Role | Role Id | Policies count | Policies |
|---|---|---|---|
| DocumentDB Account Contributor | 5bd9cd88-fe45-4216-938b-f97437e15450 | 2 | Configure Cosmos DB database accounts to disable local authentication, Configure CosmosDB accounts to disable public network access |
| Security Admin | fb1c8493-542b-48eb-b624-b4c8fea62acd | 1 | Deploy Advanced Threat Protection for Cosmos DB Accounts |
| Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | 1 | Configure CosmosDB accounts to disable public network access |
History

| Date/Time (UTC ymd) | Changes |
|---|---|
| 2024-01-17 19:06:27 | add Initiative 6bd484ca-ae8d-46cf-9b33-e1feef84bfba |