last sync: 2024-Oct-11 17:51:49 UTC

Public network access should be disabled for PaaS services

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source repository: Azure Landing Zones (ALZ) GitHub
JSON: Deny-PublicPaaSEndpoints
Display name: Public network access should be disabled for PaaS services
Id: Deny-PublicPaaSEndpoints
Version: 5.1.0
Category: Network
Description: This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints
Type: Custom Azure Landing Zones (ALZ)
Deprecated: False
Preview: False
Policy count: Total Policies: 45, Builtin Policies: 44, Static Policies: 0, ALZ Policies: 1
Policy used
| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State | Type |
| --- | --- | --- | --- | --- | --- | --- | --- |
| [Deprecated]: Cognitive Services accounts should disable public network access | 0725b4dd-7e76-479c-a735-68e7ee23d5ca | Cognitive Services | Default: Disabled; Allowed: Audit, Deny, Disabled | 0 | | Deprecated | BuiltIn |
| [Preview]: Azure Key Vault Managed HSM should disable public network access | 19ea9d63-adee-4431-a95e-1913c6c1c75f | Key Vault | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | Preview | BuiltIn |
| [Preview]: Azure Recovery Services vaults should disable public network access | 9ebbbba3-4d65-4da9-bb67-b22cfaaff090 | Backup | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | Preview | BuiltIn |
| [Preview]: Storage account public access should be disallowed | 4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 | Storage | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | Preview | BuiltIn |
| API Management should disable public network access to the service configuration endpoints | df73bd95-24da-4a4f-96b9-4e8b94b402bd | API Management | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA | BuiltIn |
| App Configuration should disable public network access | 3d9f5e4c-9947-4579-9539-2a7695fbc187 | App Configuration | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| App Service app slots should disable public network access | 701a595d-38fb-4a66-ae6d-fb3735217622 | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA | BuiltIn |
| App Service apps should disable public network access | 1b5ef780-c53c-4a64-87f3-bb9c8c8094ba | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA | BuiltIn |
| App Service Environment apps should not be reachable over public internet | 2d048aca-6479-4923-88f5-e2ac295d9af3 | App Service | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Automation accounts should disable public network access | 955a914f-bf86-4f0e-acd5-e0766b0efcb6 | Automation | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure AI Services resources should restrict network access | 037eea7a-bd0a-46c5-9a66-03aea78705d3 | Azure Ai Services | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Cache for Redis should disable public network access | 470baccb-7e51-4549-8b1a-3e5be069f663 | Cache | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Cognitive Search services should disable public network access | ee980b6d-0eca-4501-8d54-f6290fd512c3 | Search | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Cosmos DB should disable public network access | 797b37f7-06b8-444c-b1ad-fc62867f335a | Cosmos DB | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Event Grid domains should disable public network access | f8f774be-6aee-492a-9e29-486ef81f3a68 | Event Grid | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Event Grid topics should disable public network access | 1adadefe-5f21-44f7-b931-a59b54ccdb45 | Event Grid | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Key Vault should disable public network access | 405c5871-3e91-4644-8a63-58e19d68ff5b | Key Vault | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Kubernetes Service Private Clusters should be enabled | 040732e8-d947-40b8-95d6-854c95024bf8 | Kubernetes | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Machine Learning Workspaces should disable public network access | 438c38d2-3772-465a-a9cc-7a6666a275ce | Machine Learning | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Managed Grafana workspaces should disable public network access | e8775d5a-73b7-4977-a39b-833ef0114628 | Managed Grafana | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure SQL Managed Instances should disable public network access | 9dfea752-dd46-4766-aed1-c355fa93fb91 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Synapse workspaces should disable public network access | 38d8df46-cf4e-4073-8e03-48c24b29de0d | Synapse | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Virtual Desktop hostpools should disable public network access | c25dcf31-878f-4eba-98eb-0818fdc6a334 | Desktop Virtualization | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Virtual Desktop workspaces should disable public network access | 87ac3038-c07a-4b92-860d-29e270a4f3cd | Desktop Virtualization | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Bot Service should have public network access disabled | 5e8168db-69e3-4beb-9822-57cb59202a9d | Bot Service | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Container Apps environment should disable public network access | d074ddf8-01a5-4b5e-a2b8-964aed452c0a | Container Apps | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Container Apps should disable external network access | 783ea2a8-b8fd-46be-896a-9ae79643a0b1 | Container Apps | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Event Hub Namespaces should disable public network access | 0602787f-9896-402a-a6e1-39ee63ee435e | Event Hub | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Function app slots should disable public network access | 11c82d0c-db9f-4d7b-97c5-f3f9aa957da2 | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA | BuiltIn |
| Function apps should disable public network access | 969ac98b-88a8-449f-883c-2e9adb123127 | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA | BuiltIn |
| Logic apps should disable public network access | Deny-LogicApp-Public-Network | Logic Apps | Default: Deny; Allowed: Audit, Deny, Disabled | 0 | | GA | ALZ |
| Managed disks should disable public network access | 8405fdab-1faf-48aa-b702-999c9c172094 | Compute | Default: Audit; Allowed: Audit, Disabled | 0 | | GA | BuiltIn |
| Public network access on Azure Data Explorer should be disabled | 43bc7be6-5e69-4b0d-a2bb-e815557ca673 | Azure Data Explorer | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Public network access on Azure Data Factory should be disabled | 1cf164be-6819-4a50-b8fa-4bcaa4f98fb6 | Data Factory | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Public network access on Azure SQL Database should be disabled | 1b8ca024-1d5c-4dec-8995-b1a932b41780 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Public network access should be disabled for Azure File Sync | 21a8cd35-125e-4d13-b82d-2e19b7208bb7 | Storage | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Public network access should be disabled for Batch accounts | 74c5a0ae-5e48-4738-b093-65e23a060488 | Batch | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Public network access should be disabled for Container registries | 0fdf0491-d080-4575-b627-ad0e843cba0f | Container Registry | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Public network access should be disabled for MariaDB servers | fdccbe47-f3e3-4213-ad5d-ea459b2fa077 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Public network access should be disabled for MySQL flexible servers | c9299215-ae47-4f50-9c54-8a392f68a052 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Public network access should be disabled for MySQL servers | d9844e8a-1437-4aeb-a32c-0c992f056095 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Public network access should be disabled for PostgreSQL flexible servers | 5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Public network access should be disabled for PostgreSQL servers | b52376f7-9612-48a1-81cd-1ffe4b61032c | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Service Bus Namespaces should disable public network access | cbd11fd3-3002-4907-b6c8-579f0e700e13 | Service Bus | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Storage accounts should disable public network access | b2982f36-99f2-4db5-8eff-283140c09693 | Storage | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
Roles used
No Roles used
History: none