last sync: 2025-Apr-29 17:15:47 UTC

[Preview]: Control the use of Storage Accounts in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Control the use of Storage Accounts in a Virtual Enclave
Id: ca122c06-05f6-4423-9018-ccb523168eb2
Version: 1.1.0-preview
Versioning: Versions supported for Versioning: 2 (1.1.0-preview, 1.0.0-preview)
Category: VirtualEnclaves
Description: This initiative deploys Azure policies for Storage Accounts ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
Cloud environments: AzureCloud = true; AzureChinaCloud = unknown; AzureUSGovernment = true
Available in AzUSGov: The PolicySet is available in AzureUSGovernment cloud. Version: '1.1.0-preview'
Repository: Azure-Policy ca122c06-05f6-4423-9018-ccb523168eb2
Type: BuiltIn
Deprecated: False
Preview: True

Policy-used summary

| Policy types | Policy states | Policy categories |
|---|---|---|
| Total Policies: 11; Builtin Policies: 11; Static Policies: 0 | GA: 11 | 3 categories: Security Center: 1; Storage: 8; VirtualEnclaves: 2 |

Policy-used

| Policy DisplayName | Policy Id | Category | Version | Versioning | Effect | Roles# | Roles | State | Policy in AzUSGov |
|---|---|---|---|---|---|---|---|---|---|
| Configure Storage Accounts to restrict network access through network ACL bypass configuration only. | 41a72361-06e3-4e80-832a-690bd0708bc1 | VirtualEnclaves | 1.0.0 | 1x (1.0.0) | Default: Modify; Allowed: Modify, Disabled | 1 | Storage Account Contributor | GA | true |
| Configure your Storage account public access to be disallowed | 13502221-8df0-4414-9937-de9c5c4e396b | Storage | 1.0.0 | 1x (1.0.0) | Default: Modify; Allowed: Modify, Disabled | 1 | Storage Account Contributor | GA | true |
| Microsoft Defender for Storage should be enabled | 640d2586-54d2-465f-877f-9ffc1d2109f4 | Security Center | 1.0.0 | 1x (1.0.0) | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA | unknown |
| Queue Storage should use customer-managed key for encryption | f0e5abd0-2554-4736-b7c0-4ffef23475ef | Storage | 1.0.0 | 1x (1.0.0) | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Secure transfer to storage accounts should be enabled | 404c3081-a854-4457-ae30-26a93ef643f9 | Storage | 2.0.0 | 1x (2.0.0) | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Storage account encryption scopes should use customer-managed keys to encrypt data at rest | b5ec538c-daa0-4006-8596-35468b9148e8 | Storage | 1.0.0 | 1x (1.0.0) | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Storage accounts should have the specified minimum TLS version | fe83a0eb-a853-422d-aac2-1bffd182c5d0 | Storage | 1.0.0 | 1x (1.0.0) | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Storage Accounts should restrict network access through network ACL bypass configuration only. | 7809fda1-ba27-48c1-9c63-1f5aee46ba89 | VirtualEnclaves | 1.0.0 | 1x (1.0.0) | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Storage accounts should use customer-managed key for encryption | 6fac406b-40ca-413b-bf8e-0bf964659c25 | Storage | 1.0.3 | 1x (1.0.3) | Default: Audit; Allowed: Audit, Disabled | 0 | | GA | true |
| Storage accounts should use private link | 6edd7eda-6dd8-40f7-810d-67160c639cd9 | Storage | 2.0.0 | 1x (2.0.0) | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA | true |
| Table Storage should use customer-managed key for encryption | 7c322315-e26d-4174-a99e-f49d351b4688 | Storage | 1.0.0 | 1x (1.0.0) | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |

Roles used

Total Roles usage: 2
Total Roles unique usage: 1

| Role | Role Id | #Policies | Policies |
|---|---|---|---|
| Storage Account Contributor | 17d1049b-9a84-46fb-8f53-869881c3d3ab | 2 | Configure Storage Accounts to restrict network access through network ACL bypass configuration only., Configure your Storage account public access to be disallowed |