last sync: 2024-Oct-11 17:51:49 UTC

Enforce recommended guardrails for Container Registry

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Enforce-Guardrails-ContainerRegistry
Display nameEnforce recommended guardrails for Container Registry
IdEnforce-Guardrails-ContainerRegistry
Version1.0.0
Details on versioning
CategoryContainer Registry
DescriptionThis policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.
TypeCustom Azure Landing Zones (ALZ)
DeprecatedFalse
PreviewFalse
Policy count Total Policies: 12
Builtin Policies: 12
Static Policies: 0
ALZ Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State Type
Configure container registries to disable anonymous authentication. cced2946-b08a-44fe-9fd9-e4ed8a779897 Container Registry Default
Modify
Allowed
Modify, Disabled
1 Contributor GA BuiltIn
Configure container registries to disable ARM audience token authentication. 785596ed-054f-41bc-aaec-7f3d0ba05725 Container Registry Default
Modify
Allowed
Modify, Disabled
1 Contributor GA BuiltIn
Configure container registries to disable local admin account. 79fdfe03-ffcb-4e55-b4d0-b925b8241759 Container Registry Default
Modify
Allowed
Modify, Disabled
1 Contributor GA BuiltIn
Configure Container registries to disable public network access a3701552-92ea-433e-9d17-33b7f1208fc9 Container Registry Default
Modify
Allowed
Modify, Disabled
1 Contributor GA BuiltIn
Configure container registries to disable repository scoped access token. a9b426fe-8856-4945-8600-18c5dd1cca2a Container Registry Default
Modify
Allowed
Modify, Disabled
1 Contributor GA BuiltIn
Container registries should have anonymous authentication disabled. 9f2dea28-e834-476c-99c5-3507b4728395 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Container registries should have ARM audience token authentication disabled. 42781ec6-6127-4c30-bdfa-fb423a0047d3 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Container registries should have exports disabled 524b0254-c285-4903-bee6-bb8126cde579 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Container registries should have local admin account disabled. dc921057-6b28-4fbe-9b83-f7bec05db6c2 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Container registries should have repository scoped access token disabled. ff05e24e-195c-447e-b322-5e90c9f9f366 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Container registries should have SKUs that support Private Links bd560fc0-3c69-498a-ae9f-aa8eb7de0e13 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Container registries should not allow unrestricted network access d0793b48-0edc-4296-a390-4c75d1bdfd71 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Roles used
History none
JSON compare n/a
JSON
EPAC