AzInitiativeAdvertizer

last sync: 2025-Jun-20 17:23:26 UTC

Audit Public Network Access

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display nameAudit Public Network Access
Idf1535064-3294-48fa-94e2-6e83095a5c08
Version4.3.0
Details on versioning
Versioning Versions supported for Versioning: 3
4.3.0
4.2.0
4.1.0
Built-in Versioning [Preview]
CategorySDN
Microsoft Learn
DescriptionAudit Azure resources that allow access from the public internet
Cloud environmentsAzureCloud = true
AzureChinaCloud = unknown
AzureUSGovernment = unknown
Available in AzUSGovUnknown, no evidence if PolicySet definition is/not available in AzureUSGovernment
TypeBuiltIn
DeprecatedFalse
PreviewFalse
Policy-used summary
Policy types Policy states Policy categories
Total Policies: 34
Builtin Policies: 34
Static Policies: 0
GA: 34
25 categories:
App Configuration: 1
App Service: 1
Attestation: 1
Automation: 1
Azure Arc: 1
Azure Databricks: 1
Batch: 1
Bot Service: 1
Cache: 1
Compute: 1
Container Registry: 1
Cosmos DB: 1
Data Factory: 1
Event Grid: 2
Internet of Things: 2
Key Vault: 1
Machine Learning: 1
Monitoring: 3
Search: 1
Service Bus: 1
SignalR: 1
SQL: 6
Storage: 1
Synapse: 1
Web PubSub: 1
Policy-used
Policy DisplayName Policy Id Category Version Versioning Effect Roles# Roles State policy in AzUSGov
App Configuration should disable public network access 3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
App Service Environment apps should not be reachable over public internet 2d048aca-6479-4923-88f5-e2ac295d9af3 App Service 3.0.0 1x
3.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Application Insights components should block log ingestion and querying from public networks 1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Monitoring 1.1.0 1x
1.1.0		 Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA unknown
Automation accounts should disable public network access 955a914f-bf86-4f0e-acd5-e0766b0efcb6 Automation 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Azure AI Search services should disable public network access ee980b6d-0eca-4501-8d54-f6290fd512c3 Search 1.0.1 2x
1.0.1, 1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Azure Arc Private Link Scopes should disable public network access 898f2439-3333-4713-af25-f1d78bc50556 Azure Arc 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Azure Attestation providers should disable public network access 5e7e928c-8693-4a23-9bf3-1c77b9a8fe97 Attestation 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Azure Cache for Redis should disable public network access 470baccb-7e51-4549-8b1a-3e5be069f663 Cache 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Azure Cosmos DB should disable public network access 797b37f7-06b8-444c-b1ad-fc62867f335a Cosmos DB 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Azure Databricks Workspaces should disable public network access 0e7849de-b939-4c50-ab48-fc6b0f5eeba2 Azure Databricks 1.0.1 1x
1.0.1		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Azure Event Grid domains should disable public network access f8f774be-6aee-492a-9e29-486ef81f3a68 Event Grid 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Azure Event Grid topics should disable public network access 1adadefe-5f21-44f7-b931-a59b54ccdb45 Event Grid 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Azure Key Vault should disable public network access 405c5871-3e91-4644-8a63-58e19d68ff5b Key Vault 1.1.0 1x
1.1.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Azure Machine Learning Workspaces should disable public network access 438c38d2-3772-465a-a9cc-7a6666a275ce Machine Learning 2.0.1 1x
2.0.1		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Azure Monitor Private Link Scope should block access to non private link resources a499fed8-bcc8-4195-b154-641f14743757 Monitoring 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Azure SignalR Service should disable public network access 21a9766a-82a5-4747-abb5-650b6dbba6d0 SignalR 1.2.0 2x
1.2.0, 1.1.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Azure Synapse workspaces should disable public network access 38d8df46-cf4e-4073-8e03-48c24b29de0d Synapse 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Azure Web PubSub Service should disable public network access bf45113f-264e-4a87-88f9-29ac8a0aca6a Web PubSub 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Bot Service should have public network access disabled 5e8168db-69e3-4beb-9822-57cb59202a9d Bot Service 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
IoT Hub device provisioning service instances should disable public network access d82101f3-f3ce-4fc5-8708-4c09f4009546 Internet of Things 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Log Analytics workspaces should block log ingestion and querying from public networks 6c53d030-cc64-46f0-906d-2bc061cd1334 Monitoring 1.1.0 1x
1.1.0		 Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA unknown
Managed disks should disable public network access 8405fdab-1faf-48aa-b702-999c9c172094 Compute 2.1.0 2x
2.1.0, 2.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Public network access on Azure Data Factory should be disabled 1cf164be-6819-4a50-b8fa-4bcaa4f98fb6 Data Factory 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Public network access on Azure IoT Hub should be disabled 2d6830fb-07eb-48e7-8c4d-2a442b35f0fb Internet of Things 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Public network access on Azure SQL Database should be disabled 1b8ca024-1d5c-4dec-8995-b1a932b41780 SQL 1.1.0 1x
1.1.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Public network access should be disabled for Batch accounts 74c5a0ae-5e48-4738-b093-65e23a060488 Batch 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Public network access should be disabled for Container registries 0fdf0491-d080-4575-b627-ad0e843cba0f Container Registry 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Public network access should be disabled for MariaDB servers fdccbe47-f3e3-4213-ad5d-ea459b2fa077 SQL 2.0.0 1x
2.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Public network access should be disabled for MySQL flexible servers c9299215-ae47-4f50-9c54-8a392f68a052 SQL 2.3.0 3x
2.3.0, 2.2.0, 2.1.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Public network access should be disabled for MySQL servers d9844e8a-1437-4aeb-a32c-0c992f056095 SQL 2.0.0 1x
2.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Public network access should be disabled for PostgreSQL flexible servers 5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 SQL 3.1.0 2x
3.1.0, 3.0.1		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Public network access should be disabled for PostgreSQL servers b52376f7-9612-48a1-81cd-1ffe4b61032c SQL 2.0.1 1x
2.0.1		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Service Bus Namespaces should disable public network access cbd11fd3-3002-4907-b6c8-579f0e700e13 Service Bus 1.1.0 1x
1.1.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Storage accounts should disable public network access b2982f36-99f2-4db5-8eff-283140c09693 Storage 1.0.1 1x
1.0.1		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA unknown
Roles used No Roles used
History
Date/Time (UTC ymd) (i) Changes
2025-06-09 17:23:47 Version change: '4.2.0' to '4.3.0'
remove Policy [Deprecated]: Azure Media Services accounts should disable public network access (8bfe3603-0888-404a-87ff-5c1b6b4cc5e3)
2024-04-11 17:47:35 Version change: '4.1.0' to '4.2.0'
remove Policy [Deprecated]: Cognitive Services accounts should disable public network access (0725b4dd-7e76-479c-a735-68e7ee23d5ca)
2023-04-06 17:42:17 Version change: '4.0.0' to '4.1.0'
2022-08-18 16:32:47 add Policy Azure Databricks Workspaces should disable public network access (0e7849de-b939-4c50-ab48-fc6b0f5eeba2)
add Policy Service Bus Namespaces should disable public network access (cbd11fd3-3002-4907-b6c8-579f0e700e13)
Version change: '3.0.0' to '4.0.0'
2022-07-27 16:33:05 add Policy App Service Environment apps should not be reachable over public internet (2d048aca-6479-4923-88f5-e2ac295d9af3)
add Policy Managed disks should disable public network access (8405fdab-1faf-48aa-b702-999c9c172094)
add Policy Azure Key Vault should disable public network access (405c5871-3e91-4644-8a63-58e19d68ff5b)
add Policy Azure Monitor Private Link Scope should block access to non private link resources (a499fed8-bcc8-4195-b154-641f14743757)
Version change: '2.0.0' to '3.0.0'
2022-06-21 16:34:04 Name change: 'Audit Public Network Access Initiative' to 'Audit Public Network Access'
2022-06-16 16:34:43 add Policy Public network access should be disabled for PostgreSQL flexible servers (5e1de0e3-42cb-4ebc-a86d-61d0c619ca48)
add Policy [Deprecated]: Azure Media Services accounts should disable public network access (8bfe3603-0888-404a-87ff-5c1b6b4cc5e3)
add Policy Storage accounts should disable public network access (b2982f36-99f2-4db5-8eff-283140c09693)
add Policy Application Insights components should block log ingestion and querying from public networks (1bc02227-0cb6-4e11-8f53-eb0b22eab7e8)
add Policy IoT Hub device provisioning service instances should disable public network access (d82101f3-f3ce-4fc5-8708-4c09f4009546)
add Policy Azure Attestation providers should disable public network access (5e7e928c-8693-4a23-9bf3-1c77b9a8fe97)
add Policy Azure SignalR Service should disable public network access (21a9766a-82a5-4747-abb5-650b6dbba6d0)
add Policy Azure Arc Private Link Scopes should disable public network access (898f2439-3333-4713-af25-f1d78bc50556)
add Policy Log Analytics workspaces should block log ingestion and querying from public networks (6c53d030-cc64-46f0-906d-2bc061cd1334)
add Policy Public network access should be disabled for PostgreSQL servers (b52376f7-9612-48a1-81cd-1ffe4b61032c)
add Policy Public network access should be disabled for MariaDB servers (fdccbe47-f3e3-4213-ad5d-ea459b2fa077)
add Policy Public network access on Azure SQL Database should be disabled (1b8ca024-1d5c-4dec-8995-b1a932b41780)
add Policy Azure Web PubSub Service should disable public network access (bf45113f-264e-4a87-88f9-29ac8a0aca6a)
add Policy Azure Cosmos DB should disable public network access (797b37f7-06b8-444c-b1ad-fc62867f335a)
add Policy Bot Service should have public network access disabled (5e8168db-69e3-4beb-9822-57cb59202a9d)
add Policy Public network access should be disabled for MySQL flexible servers (c9299215-ae47-4f50-9c54-8a392f68a052)
add Policy Public network access should be disabled for MySQL servers (d9844e8a-1437-4aeb-a32c-0c992f056095)
Version change: '1.0.0' to '2.0.0'
2022-04-28 17:39:07 add Initiative f1535064-3294-48fa-94e2-6e83095a5c08
JSON compare
compare mode: version left: version right:
JSON
api-version=2023-04-01
EPAC