last sync: 2024-Apr-19 17:44:22 UTC

[Preview]: Control the use of Storage Accounts in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Control the use of Storage Accounts in a Virtual Enclave
Id: ca122c06-05f6-4423-9018-ccb523168eb2
Version: 1.1.0-preview
Category: VirtualEnclaves
Description: This initiative deploys Azure policies for Storage Accounts ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
Type: BuiltIn
Deprecated: False
Preview: True

Policy count
Total Policies: 11
Builtin Policies: 11
Static Policies: 0

Policy used

| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State |
| --- | --- | --- | --- | --- | --- | --- |
| Configure Storage Accounts to restrict network access through network ACL bypass configuration only. | 41a72361-06e3-4e80-832a-690bd0708bc1 | VirtualEnclaves | Default: Modify; Allowed: Modify, Disabled | 1 | Storage Account Contributor | GA |
| Configure your Storage account public access to be disallowed | 13502221-8df0-4414-9937-de9c5c4e396b | Storage | Default: Modify; Allowed: Modify, Disabled | 1 | Storage Account Contributor | GA |
| Microsoft Defender for Storage should be enabled | 640d2586-54d2-465f-877f-9ffc1d2109f4 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Queue Storage should use customer-managed key for encryption | f0e5abd0-2554-4736-b7c0-4ffef23475ef | Storage | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Secure transfer to storage accounts should be enabled | 404c3081-a854-4457-ae30-26a93ef643f9 | Storage | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Storage account encryption scopes should use customer-managed keys to encrypt data at rest | b5ec538c-daa0-4006-8596-35468b9148e8 | Storage | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Storage accounts should have the specified minimum TLS version | fe83a0eb-a853-422d-aac2-1bffd182c5d0 | Storage | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Storage Accounts should restrict network access through network ACL bypass configuration only. | 7809fda1-ba27-48c1-9c63-1f5aee46ba89 | VirtualEnclaves | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Storage accounts should use customer-managed key for encryption | 6fac406b-40ca-413b-bf8e-0bf964659c25 | Storage | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Storage accounts should use private link | 6edd7eda-6dd8-40f7-810d-67160c639cd9 | Storage | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Table Storage should use customer-managed key for encryption | 7c322315-e26d-4174-a99e-f49d351b4688 | Storage | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |

Roles used
Total Roles usage: 2
Total Roles unique usage: 1

| Role | Role Id | Policies count | Policies |
| --- | --- | --- | --- |
| Storage Account Contributor | 17d1049b-9a84-46fb-8f53-869881c3d3ab | 2 | Configure Storage Accounts to restrict network access through network ACL bypass configuration only., Configure your Storage account public access to be disallowed |