last sync: 2022-Dec-02 17:43:04 UTC

Azure Policy Initiative

Audit Public Network Access

Name: Audit Public Network Access
Id: f1535064-3294-48fa-94e2-6e83095a5c08
Version: 4.0.0
Category: SDN
Description: Audit Azure resources that allow access from the public internet
Type: BuiltIn
Deprecated: False
Preview: False
History
| Date/Time (UTC ymd) | Changes |
|---|---|
| 2022-08-18 16:32:47 | add Policy Azure Databricks Workspaces should disable public network access (0e7849de-b939-4c50-ab48-fc6b0f5eeba2) |
| | add Policy Service Bus Namespaces should disable public network access (cbd11fd3-3002-4907-b6c8-579f0e700e13) |
| | Version change: '3.0.0' to '4.0.0' |
| 2022-07-27 16:33:05 | add Policy Managed disks should disable public network access (8405fdab-1faf-48aa-b702-999c9c172094) |
| | add Policy App Service Environment apps should not be reachable over public internet (2d048aca-6479-4923-88f5-e2ac295d9af3) |
| | add Policy Azure Key Vault should disable public network access (405c5871-3e91-4644-8a63-58e19d68ff5b) |
| | add Policy Azure Monitor Private Link Scope should block access to non private link resources (a499fed8-bcc8-4195-b154-641f14743757) |
| | Version change: '2.0.0' to '3.0.0' |
| 2022-06-21 16:34:04 | Name change: 'Audit Public Network Access Initiative' to 'Audit Public Network Access' |
| 2022-06-16 16:34:43 | add Policy Storage accounts should disable public network access (b2982f36-99f2-4db5-8eff-283140c09693) |
| | add Policy Application Insights components should block log ingestion and querying from public networks (1bc02227-0cb6-4e11-8f53-eb0b22eab7e8) |
| | add Policy IoT Hub device provisioning service instances should disable public network access (d82101f3-f3ce-4fc5-8708-4c09f4009546) |
| | add Policy Azure Attestation providers should disable public network access (5e7e928c-8693-4a23-9bf3-1c77b9a8fe97) |
| | add Policy Azure SignalR Service should disable public network access (21a9766a-82a5-4747-abb5-650b6dbba6d0) |
| | add Policy Azure Arc Private Link Scopes should disable public network access (898f2439-3333-4713-af25-f1d78bc50556) |
| | add Policy Log Analytics workspaces should block log ingestion and querying from public networks (6c53d030-cc64-46f0-906d-2bc061cd1334) |
| | add Policy Public network access should be disabled for PostgreSQL servers (b52376f7-9612-48a1-81cd-1ffe4b61032c) |
| | add Policy Public network access should be disabled for MariaDB servers (fdccbe47-f3e3-4213-ad5d-ea459b2fa077) |
| | add Policy Public network access should be disabled for PostgreSQL flexible servers (5e1de0e3-42cb-4ebc-a86d-61d0c619ca48) |
| | add Policy Public network access on Azure SQL Database should be disabled (1b8ca024-1d5c-4dec-8995-b1a932b41780) |
| | add Policy Azure Media Services accounts should disable public network access (8bfe3603-0888-404a-87ff-5c1b6b4cc5e3) |
| | add Policy Azure Cosmos DB should disable public network access (797b37f7-06b8-444c-b1ad-fc62867f335a) |
| | add Policy Public network access should be disabled for MySQL servers (d9844e8a-1437-4aeb-a32c-0c992f056095) |
| | add Policy Public network access should be disabled for MySQL flexible servers (c9299215-ae47-4f50-9c54-8a392f68a052) |
| | add Policy Bot Service should have public network access disabled (5e8168db-69e3-4beb-9822-57cb59202a9d) |
| | add Policy Azure Web PubSub Service should disable public network access (bf45113f-264e-4a87-88f9-29ac8a0aca6a) |
| | Version change: '1.0.0' to '2.0.0' |
| 2022-04-28 17:39:07 | add Initiative f1535064-3294-48fa-94e2-6e83095a5c08 |
Policy count
Total Policies: 36
Builtin Policies: 36
Static Policies: 0
Policy used
| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State |
|---|---|---|---|---|---|---|
| App Configuration should disable public network access | 3d9f5e4c-9947-4579-9539-2a7695fbc187 | App Configuration | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| App Service Environment apps should not be reachable over public internet | 2d048aca-6479-4923-88f5-e2ac295d9af3 | App Service | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Application Insights components should block log ingestion and querying from public networks | 1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 | Monitoring | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Automation accounts should disable public network access | 955a914f-bf86-4f0e-acd5-e0766b0efcb6 | Automation | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Arc Private Link Scopes should disable public network access | 898f2439-3333-4713-af25-f1d78bc50556 | Azure Arc | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Attestation providers should disable public network access | 5e7e928c-8693-4a23-9bf3-1c77b9a8fe97 | Attestation | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Cache for Redis should disable public network access | 470baccb-7e51-4549-8b1a-3e5be069f663 | Cache | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Cognitive Search services should disable public network access | ee980b6d-0eca-4501-8d54-f6290fd512c3 | Search | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Cosmos DB should disable public network access | 797b37f7-06b8-444c-b1ad-fc62867f335a | Cosmos DB | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Databricks Workspaces should disable public network access | 0e7849de-b939-4c50-ab48-fc6b0f5eeba2 | Azure Databricks | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Event Grid domains should disable public network access | f8f774be-6aee-492a-9e29-486ef81f3a68 | Event Grid | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Event Grid topics should disable public network access | 1adadefe-5f21-44f7-b931-a59b54ccdb45 | Event Grid | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Key Vault should disable public network access | 405c5871-3e91-4644-8a63-58e19d68ff5b | Key Vault | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Machine Learning workspaces should disable public network access | 438c38d2-3772-465a-a9cc-7a6666a275ce | Machine Learning | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Media Services accounts should disable public network access | 8bfe3603-0888-404a-87ff-5c1b6b4cc5e3 | Media Services | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Monitor Private Link Scope should block access to non private link resources | a499fed8-bcc8-4195-b154-641f14743757 | Monitoring | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure SignalR Service should disable public network access | 21a9766a-82a5-4747-abb5-650b6dbba6d0 | SignalR | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Synapse workspaces should disable public network access | 38d8df46-cf4e-4073-8e03-48c24b29de0d | Synapse | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Web PubSub Service should disable public network access | bf45113f-264e-4a87-88f9-29ac8a0aca6a | Web PubSub | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Bot Service should have public network access disabled | 5e8168db-69e3-4beb-9822-57cb59202a9d | Bot Service | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Cognitive Services accounts should disable public network access | 0725b4dd-7e76-479c-a735-68e7ee23d5ca | Cognitive Services | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| IoT Hub device provisioning service instances should disable public network access | d82101f3-f3ce-4fc5-8708-4c09f4009546 | Internet of Things | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Log Analytics workspaces should block log ingestion and querying from public networks | 6c53d030-cc64-46f0-906d-2bc061cd1334 | Monitoring | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Managed disks should disable public network access | 8405fdab-1faf-48aa-b702-999c9c172094 | Compute | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Public network access on Azure Data Factory should be disabled | 1cf164be-6819-4a50-b8fa-4bcaa4f98fb6 | Data Factory | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Public network access on Azure IoT Hub should be disabled | 2d6830fb-07eb-48e7-8c4d-2a442b35f0fb | Internet of Things | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Public network access on Azure SQL Database should be disabled | 1b8ca024-1d5c-4dec-8995-b1a932b41780 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Public network access should be disabled for Batch accounts | 74c5a0ae-5e48-4738-b093-65e23a060488 | Batch | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Public network access should be disabled for Container registries | 0fdf0491-d080-4575-b627-ad0e843cba0f | Container Registry | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Public network access should be disabled for MariaDB servers | fdccbe47-f3e3-4213-ad5d-ea459b2fa077 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Public network access should be disabled for MySQL flexible servers | c9299215-ae47-4f50-9c54-8a392f68a052 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Public network access should be disabled for MySQL servers | d9844e8a-1437-4aeb-a32c-0c992f056095 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Public network access should be disabled for PostgreSQL flexible servers | 5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Public network access should be disabled for PostgreSQL servers | b52376f7-9612-48a1-81cd-1ffe4b61032c | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Service Bus Namespaces should disable public network access | cbd11fd3-3002-4907-b6c8-579f0e700e13 | Service Bus | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Storage accounts should disable public network access | b2982f36-99f2-4db5-8eff-283140c09693 | Storage | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
Roles used: No Roles used