AzInitiativeAdvertizer

last sync: 2022-Dec-02 17:43:04 UTC

Azure Policy Initiative

Audit Public Network Access

Name

Audit Public Network Access
Azure Portal

f1535064-3294-48fa-94e2-6e83095a5c08

Version

4.0.0
details on versioning

Category

SDN
Microsoft docs

Description

Audit Azure resources that allow access from the public internet

Type

BuiltIn

Deprecated

False

Preview

False

History

Date/Time (UTC ymd) (i)	Changes
2022-08-18 16:32:47	add Policy Azure Databricks Workspaces should disable public network access (0e7849de-b939-4c50-ab48-fc6b0f5eeba2) add Policy Service Bus Namespaces should disable public network access (cbd11fd3-3002-4907-b6c8-579f0e700e13) Version change: '3.0.0' to '4.0.0'
2022-07-27 16:33:05	add Policy Managed disks should disable public network access (8405fdab-1faf-48aa-b702-999c9c172094) add Policy App Service Environment apps should not be reachable over public internet (2d048aca-6479-4923-88f5-e2ac295d9af3) add Policy Azure Key Vault should disable public network access (405c5871-3e91-4644-8a63-58e19d68ff5b) add Policy Azure Monitor Private Link Scope should block access to non private link resources (a499fed8-bcc8-4195-b154-641f14743757) Version change: '2.0.0' to '3.0.0'
2022-06-21 16:34:04	Name change: 'Audit Public Network Access Initiative' to 'Audit Public Network Access'
2022-06-16 16:34:43	add Policy Storage accounts should disable public network access (b2982f36-99f2-4db5-8eff-283140c09693) add Policy Application Insights components should block log ingestion and querying from public networks (1bc02227-0cb6-4e11-8f53-eb0b22eab7e8) add Policy IoT Hub device provisioning service instances should disable public network access (d82101f3-f3ce-4fc5-8708-4c09f4009546) add Policy Azure Attestation providers should disable public network access (5e7e928c-8693-4a23-9bf3-1c77b9a8fe97) add Policy Azure SignalR Service should disable public network access (21a9766a-82a5-4747-abb5-650b6dbba6d0) add Policy Azure Arc Private Link Scopes should disable public network access (898f2439-3333-4713-af25-f1d78bc50556) add Policy Log Analytics workspaces should block log ingestion and querying from public networks (6c53d030-cc64-46f0-906d-2bc061cd1334) add Policy Public network access should be disabled for PostgreSQL servers (b52376f7-9612-48a1-81cd-1ffe4b61032c) add Policy Public network access should be disabled for MariaDB servers (fdccbe47-f3e3-4213-ad5d-ea459b2fa077) add Policy Public network access should be disabled for PostgreSQL flexible servers (5e1de0e3-42cb-4ebc-a86d-61d0c619ca48) add Policy Public network access on Azure SQL Database should be disabled (1b8ca024-1d5c-4dec-8995-b1a932b41780) add Policy Azure Media Services accounts should disable public network access (8bfe3603-0888-404a-87ff-5c1b6b4cc5e3) add Policy Azure Cosmos DB should disable public network access (797b37f7-06b8-444c-b1ad-fc62867f335a) add Policy Public network access should be disabled for MySQL servers (d9844e8a-1437-4aeb-a32c-0c992f056095) add Policy Public network access should be disabled for MySQL flexible servers (c9299215-ae47-4f50-9c54-8a392f68a052) add Policy Bot Service should have public network access disabled (5e8168db-69e3-4beb-9822-57cb59202a9d) add Policy Azure Web PubSub Service should disable public network access (bf45113f-264e-4a87-88f9-29ac8a0aca6a) Version change: '1.0.0' to '2.0.0'
2022-04-28 17:39:07	add Initiative f1535064-3294-48fa-94e2-6e83095a5c08

Policy count

Total Policies: 36
Builtin Policies: 36
Static Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	State
App Configuration should disable public network access	3d9f5e4c-9947-4579-9539-2a7695fbc187	App Configuration	Default Audit Allowed Audit, Deny, Disabled	GA
App Service Environment apps should not be reachable over public internet	2d048aca-6479-4923-88f5-e2ac295d9af3	App Service	Default Audit Allowed Audit, Deny, Disabled	GA
Application Insights components should block log ingestion and querying from public networks	1bc02227-0cb6-4e11-8f53-eb0b22eab7e8	Monitoring	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Automation accounts should disable public network access	955a914f-bf86-4f0e-acd5-e0766b0efcb6	Automation	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Arc Private Link Scopes should disable public network access	898f2439-3333-4713-af25-f1d78bc50556	Azure Arc	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Attestation providers should disable public network access	5e7e928c-8693-4a23-9bf3-1c77b9a8fe97	Attestation	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Cache for Redis should disable public network access	470baccb-7e51-4549-8b1a-3e5be069f663	Cache	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Cognitive Search services should disable public network access	ee980b6d-0eca-4501-8d54-f6290fd512c3	Search	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Cosmos DB should disable public network access	797b37f7-06b8-444c-b1ad-fc62867f335a	Cosmos DB	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Databricks Workspaces should disable public network access	0e7849de-b939-4c50-ab48-fc6b0f5eeba2	Azure Databricks	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Event Grid domains should disable public network access	f8f774be-6aee-492a-9e29-486ef81f3a68	Event Grid	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Event Grid topics should disable public network access	1adadefe-5f21-44f7-b931-a59b54ccdb45	Event Grid	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Key Vault should disable public network access	405c5871-3e91-4644-8a63-58e19d68ff5b	Key Vault	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Machine Learning workspaces should disable public network access	438c38d2-3772-465a-a9cc-7a6666a275ce	Machine Learning	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Media Services accounts should disable public network access	8bfe3603-0888-404a-87ff-5c1b6b4cc5e3	Media Services	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Monitor Private Link Scope should block access to non private link resources	a499fed8-bcc8-4195-b154-641f14743757	Monitoring	Default Audit Allowed Audit, Deny, Disabled	GA
Azure SignalR Service should disable public network access	21a9766a-82a5-4747-abb5-650b6dbba6d0	SignalR	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Synapse workspaces should disable public network access	38d8df46-cf4e-4073-8e03-48c24b29de0d	Synapse	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Web PubSub Service should disable public network access	bf45113f-264e-4a87-88f9-29ac8a0aca6a	Web PubSub	Default Audit Allowed Audit, Deny, Disabled	GA
Bot Service should have public network access disabled	5e8168db-69e3-4beb-9822-57cb59202a9d	Bot Service	Default Audit Allowed Audit, Deny, Disabled	GA
Cognitive Services accounts should disable public network access	0725b4dd-7e76-479c-a735-68e7ee23d5ca	Cognitive Services	Default Audit Allowed Audit, Deny, Disabled	GA
IoT Hub device provisioning service instances should disable public network access	d82101f3-f3ce-4fc5-8708-4c09f4009546	Internet of Things	Default Audit Allowed Audit, Deny, Disabled	GA
Log Analytics workspaces should block log ingestion and querying from public networks	6c53d030-cc64-46f0-906d-2bc061cd1334	Monitoring	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Managed disks should disable public network access	8405fdab-1faf-48aa-b702-999c9c172094	Compute	Default Audit Allowed Audit, Disabled	GA
Public network access on Azure Data Factory should be disabled	1cf164be-6819-4a50-b8fa-4bcaa4f98fb6	Data Factory	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access on Azure IoT Hub should be disabled	2d6830fb-07eb-48e7-8c4d-2a442b35f0fb	Internet of Things	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access on Azure SQL Database should be disabled	1b8ca024-1d5c-4dec-8995-b1a932b41780	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for Batch accounts	74c5a0ae-5e48-4738-b093-65e23a060488	Batch	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for Container registries	0fdf0491-d080-4575-b627-ad0e843cba0f	Container Registry	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for MariaDB servers	fdccbe47-f3e3-4213-ad5d-ea459b2fa077	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for MySQL flexible servers	c9299215-ae47-4f50-9c54-8a392f68a052	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for MySQL servers	d9844e8a-1437-4aeb-a32c-0c992f056095	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for PostgreSQL flexible servers	5e1de0e3-42cb-4ebc-a86d-61d0c619ca48	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for PostgreSQL servers	b52376f7-9612-48a1-81cd-1ffe4b61032c	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Service Bus Namespaces should disable public network access	cbd11fd3-3002-4907-b6c8-579f0e700e13	Service Bus	Default Audit Allowed Audit, Deny, Disabled	GA
Storage accounts should disable public network access	b2982f36-99f2-4db5-8eff-283140c09693	Storage	Default Audit Allowed Audit, Deny, Disabled	GA

Roles used

No Roles used

JSON