last sync: 2025-Apr-29 17:15:47 UTC

[Preview]: Control the use of AKS in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Control the use of AKS in a Virtual Enclave
Id: d300338e-65d1-4be3-b18e-fb4ce5715a8f
Version: 1.0.0-preview
Versioning: Versions supported for Versioning: 1 (1.0.0-preview); Built-in Versioning [Preview]
Category: VirtualEnclaves
Description: This initiative deploys Azure policies for AKS ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
Cloud environments: AzureCloud = true; AzureChinaCloud = unknown; AzureUSGovernment = true
Available in AzUSGov: The PolicySet is available in AzureUSGovernment cloud. Version: '1.0.0-preview'
Repository: Azure-Policy d300338e-65d1-4be3-b18e-fb4ce5715a8f
Type: BuiltIn
Deprecated: False
Preview: True
Policy-used summary
Policy types: Total Policies: 8; Builtin Policies: 8; Static Policies: 0
Policy states: GA: 9
Policy categories: 2 categories: Kubernetes: 7; Security Center: 2
Policy-used

| Policy DisplayName | Policy Id | Category | Version | Versioning | Effect | Roles# | Roles | State | policy in AzUSGov |
|---|---|---|---|---|---|---|---|---|---|
| Authorized IP ranges should be defined on Kubernetes Services | 0e246bcf-5f6f-4f87-bc6f-775d4712c7ea | Security Center | 2.0.1 | 1x: 2.0.1 | Default: Audit; Allowed: Audit, Disabled | 0 | | GA | true |
| Azure Kubernetes Clusters should enable Key Management Service (KMS) | dbbdc317-9734-4dd8-9074-993b29c69008 | Kubernetes | 1.1.0 | 2x: 1.1.0, 1.0.0 | Default: Audit; Allowed: Audit, Disabled | 0 | | GA | true |
| Azure Kubernetes Service Clusters should disable Command Invoke | 89f2d532-c53c-4f8f-9afa-4927b1114a0d | Kubernetes | 1.0.1 | 1x: 1.0.1 | Default: Audit; Allowed: Audit, Disabled | 0 | | GA | true |
| Azure Kubernetes Service clusters should have Defender profile enabled | a1840de2-8088-4ea8-b153-b4c723e9cb01 | Kubernetes | 2.0.1 | 1x: 2.0.1 | Default: Audit; Allowed: Audit, Disabled | 0 | | GA | true |
| Azure Kubernetes Service Clusters should use managed identities | da6e2401-19da-4532-9141-fb8fbde08431 | Kubernetes | 1.0.1 | 1x: 1.0.1 | Default: Audit; Allowed: Audit, Disabled | 0 | | GA | true |
| Azure Kubernetes Service Private Clusters should be enabled | 040732e8-d947-40b8-95d6-854c95024bf8 | Kubernetes | 1.0.1 | 1x: 1.0.1 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys | 7d7be79c-23ba-4033-84dd-45e2a5ccdd67 | Kubernetes | 1.0.1 | 1x: 1.0.1 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Role-Based Access Control (RBAC) should be used on Kubernetes Services | ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 | Security Center | 1.1.0 | 3x: 1.1.0, 1.0.4, 1.0.3 | Default: Audit; Allowed: Audit, Disabled | 0 | | GA | true |
Roles used: No Roles used
History
Date/Time (UTC ymd): 2024-01-17 19:06:27
Changes: add Initiative d300338e-65d1-4be3-b18e-fb4ce5715a8f
JSON compare: n/a
JSON api-version: 2023-04-01