AzInitiativeAdvertizer

last sync: 2024-Jul-26 18:18:00 UTC

[Preview]: Control the use of Container Registry in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source

Azure Portal

Display name

[Preview]: Control the use of Container Registry in a Virtual Enclave

b3fe25eb-cdc6-475f-96a5-04ac270f630d

Version

1.0.0-preview
Details on versioning

Category

VirtualEnclaves
Microsoft Learn

Description

This initiative deploys Azure policies for Container Registry ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves

Type

BuiltIn

Deprecated

False

Preview

True

Policy count

Total Policies: 8
Builtin Policies: 8
Static Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	Roles#	Roles	State
Configure container registries to disable anonymous authentication.	cced2946-b08a-44fe-9fd9-e4ed8a779897	Container Registry	Default Modify Allowed Modify, Disabled	1	Contributor	GA
Configure Container registries to disable public network access	a3701552-92ea-433e-9d17-33b7f1208fc9	Container Registry	Default Modify Allowed Modify, Disabled	1	Contributor	GA
Container registries should be encrypted with a customer-managed key	5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA
Container registries should have anonymous authentication disabled.	9f2dea28-e834-476c-99c5-3507b4728395	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA
Container registries should have SKUs that support Private Links	bd560fc0-3c69-498a-ae9f-aa8eb7de0e13	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA
Container registries should not allow unrestricted network access	d0793b48-0edc-4296-a390-4c75d1bdfd71	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA
Container registries should use private link	e8eef0a8-67cf-4eb4-9386-14b0e78733d4	Container Registry	Default Audit Allowed Audit, Disabled	0		GA
Public network access should be disabled for Container registries	0fdf0491-d080-4575-b627-ad0e843cba0f	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA

Roles used

Total Roles usage: 2
Total Roles unique usage: 1

Role	Role Id	Policies count	Policies
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c	2	Configure container registries to disable anonymous authentication., Configure Container registries to disable public network access

History

Date/Time (UTC ymd) (i)	Changes
2024-01-17 19:06:27	add Initiative b3fe25eb-cdc6-475f-96a5-04ac270f630d

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC