last sync: 2024-Oct-11 17:51:49 UTC

[Preview]: Control the use of Container Registry in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display name[Preview]: Control the use of Container Registry in a Virtual Enclave
Idb3fe25eb-cdc6-475f-96a5-04ac270f630d
Version1.0.0-preview
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0-preview
Built-in Versioning [Preview]
CategoryVirtualEnclaves
Microsoft Learn
DescriptionThis initiative deploys Azure policies for Container Registry ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
TypeBuiltIn
DeprecatedFalse
PreviewTrue
Policy count Total Policies: 8
Builtin Policies: 8
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State
Configure container registries to disable anonymous authentication. cced2946-b08a-44fe-9fd9-e4ed8a779897 Container Registry Default
Modify
Allowed
Modify, Disabled
1 Contributor GA
Configure Container registries to disable public network access a3701552-92ea-433e-9d17-33b7f1208fc9 Container Registry Default
Modify
Allowed
Modify, Disabled
1 Contributor GA
Container registries should be encrypted with a customer-managed key 5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Container registries should have anonymous authentication disabled. 9f2dea28-e834-476c-99c5-3507b4728395 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Container registries should have SKUs that support Private Links bd560fc0-3c69-498a-ae9f-aa8eb7de0e13 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Container registries should not allow unrestricted network access d0793b48-0edc-4296-a390-4c75d1bdfd71 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Container registries should use private link e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container Registry Default
Audit
Allowed
Audit, Disabled
0 GA
Public network access should be disabled for Container registries 0fdf0491-d080-4575-b627-ad0e843cba0f Container Registry Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Roles used Total Roles usage: 2
Total Roles unique usage: 1
Role Role Id Policies count Policies
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 2 Configure container registries to disable anonymous authentication., Configure Container registries to disable public network access
History
Date/Time (UTC ymd) (i) Changes
2024-01-17 19:06:27 add Initiative b3fe25eb-cdc6-475f-96a5-04ac270f630d
JSON compare n/a
JSON
api-version=2021-06-01
EPAC