AzInitiativeAdvertizer

last sync: 2024-Jul-26 18:18:00 UTC

Audit Public Network Access

Azure BuiltIn Policy Initiative (PolicySet)

Source

Azure Portal

Display name

Audit Public Network Access

f1535064-3294-48fa-94e2-6e83095a5c08

Version

4.2.0
Details on versioning

Category

SDN
Microsoft Learn

Description

Audit Azure resources that allow access from the public internet

Type

BuiltIn

Deprecated

False

Preview

False

Policy count

Total Policies: 35
Builtin Policies: 35
Static Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	State
App Configuration should disable public network access	3d9f5e4c-9947-4579-9539-2a7695fbc187	App Configuration	Default Audit Allowed Audit, Deny, Disabled	GA
App Service Environment apps should not be reachable over public internet	2d048aca-6479-4923-88f5-e2ac295d9af3	App Service	Default Audit Allowed Audit, Deny, Disabled	GA
Application Insights components should block log ingestion and querying from public networks	1bc02227-0cb6-4e11-8f53-eb0b22eab7e8	Monitoring	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Automation accounts should disable public network access	955a914f-bf86-4f0e-acd5-e0766b0efcb6	Automation	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Arc Private Link Scopes should disable public network access	898f2439-3333-4713-af25-f1d78bc50556	Azure Arc	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Attestation providers should disable public network access	5e7e928c-8693-4a23-9bf3-1c77b9a8fe97	Attestation	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Cache for Redis should disable public network access	470baccb-7e51-4549-8b1a-3e5be069f663	Cache	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Cognitive Search services should disable public network access	ee980b6d-0eca-4501-8d54-f6290fd512c3	Search	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Cosmos DB should disable public network access	797b37f7-06b8-444c-b1ad-fc62867f335a	Cosmos DB	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Databricks Workspaces should disable public network access	0e7849de-b939-4c50-ab48-fc6b0f5eeba2	Azure Databricks	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Event Grid domains should disable public network access	f8f774be-6aee-492a-9e29-486ef81f3a68	Event Grid	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Event Grid topics should disable public network access	1adadefe-5f21-44f7-b931-a59b54ccdb45	Event Grid	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Key Vault should disable public network access	405c5871-3e91-4644-8a63-58e19d68ff5b	Key Vault	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Machine Learning Workspaces should disable public network access	438c38d2-3772-465a-a9cc-7a6666a275ce	Machine Learning	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Media Services accounts should disable public network access	8bfe3603-0888-404a-87ff-5c1b6b4cc5e3	Media Services	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Monitor Private Link Scope should block access to non private link resources	a499fed8-bcc8-4195-b154-641f14743757	Monitoring	Default Audit Allowed Audit, Deny, Disabled	GA
Azure SignalR Service should disable public network access	21a9766a-82a5-4747-abb5-650b6dbba6d0	SignalR	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Synapse workspaces should disable public network access	38d8df46-cf4e-4073-8e03-48c24b29de0d	Synapse	Default Audit Allowed Audit, Deny, Disabled	GA
Azure Web PubSub Service should disable public network access	bf45113f-264e-4a87-88f9-29ac8a0aca6a	Web PubSub	Default Audit Allowed Audit, Deny, Disabled	GA
Bot Service should have public network access disabled	5e8168db-69e3-4beb-9822-57cb59202a9d	Bot Service	Default Audit Allowed Audit, Deny, Disabled	GA
IoT Hub device provisioning service instances should disable public network access	d82101f3-f3ce-4fc5-8708-4c09f4009546	Internet of Things	Default Audit Allowed Audit, Deny, Disabled	GA
Log Analytics workspaces should block log ingestion and querying from public networks	6c53d030-cc64-46f0-906d-2bc061cd1334	Monitoring	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Managed disks should disable public network access	8405fdab-1faf-48aa-b702-999c9c172094	Compute	Default Audit Allowed Audit, Disabled	GA
Public network access on Azure Data Factory should be disabled	1cf164be-6819-4a50-b8fa-4bcaa4f98fb6	Data Factory	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access on Azure IoT Hub should be disabled	2d6830fb-07eb-48e7-8c4d-2a442b35f0fb	Internet of Things	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access on Azure SQL Database should be disabled	1b8ca024-1d5c-4dec-8995-b1a932b41780	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for Batch accounts	74c5a0ae-5e48-4738-b093-65e23a060488	Batch	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for Container registries	0fdf0491-d080-4575-b627-ad0e843cba0f	Container Registry	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for MariaDB servers	fdccbe47-f3e3-4213-ad5d-ea459b2fa077	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for MySQL flexible servers	c9299215-ae47-4f50-9c54-8a392f68a052	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for MySQL servers	d9844e8a-1437-4aeb-a32c-0c992f056095	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for PostgreSQL flexible servers	5e1de0e3-42cb-4ebc-a86d-61d0c619ca48	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Public network access should be disabled for PostgreSQL servers	b52376f7-9612-48a1-81cd-1ffe4b61032c	SQL	Default Audit Allowed Audit, Deny, Disabled	GA
Service Bus Namespaces should disable public network access	cbd11fd3-3002-4907-b6c8-579f0e700e13	Service Bus	Default Audit Allowed Audit, Deny, Disabled	GA
Storage accounts should disable public network access	b2982f36-99f2-4db5-8eff-283140c09693	Storage	Default Audit Allowed Audit, Deny, Disabled	GA

Roles used

No Roles used

History

Date/Time (UTC ymd) (i)	Changes
2024-04-11 17:47:35	Version change: '4.1.0' to '4.2.0' remove Policy [Deprecated]: Cognitive Services accounts should disable public network access (0725b4dd-7e76-479c-a735-68e7ee23d5ca)
2023-04-06 17:42:17	Version change: '4.0.0' to '4.1.0'
2022-08-18 16:32:47	add Policy Service Bus Namespaces should disable public network access (cbd11fd3-3002-4907-b6c8-579f0e700e13) add Policy Azure Databricks Workspaces should disable public network access (0e7849de-b939-4c50-ab48-fc6b0f5eeba2) Version change: '3.0.0' to '4.0.0'
2022-07-27 16:33:05	add Policy Managed disks should disable public network access (8405fdab-1faf-48aa-b702-999c9c172094) add Policy App Service Environment apps should not be reachable over public internet (2d048aca-6479-4923-88f5-e2ac295d9af3) add Policy Azure Monitor Private Link Scope should block access to non private link resources (a499fed8-bcc8-4195-b154-641f14743757) add Policy Azure Key Vault should disable public network access (405c5871-3e91-4644-8a63-58e19d68ff5b) Version change: '2.0.0' to '3.0.0'
2022-06-21 16:34:04	Name change: 'Audit Public Network Access Initiative' to 'Audit Public Network Access'
2022-06-16 16:34:43	add Policy Azure SignalR Service should disable public network access (21a9766a-82a5-4747-abb5-650b6dbba6d0) add Policy Log Analytics workspaces should block log ingestion and querying from public networks (6c53d030-cc64-46f0-906d-2bc061cd1334) add Policy Public network access should be disabled for MariaDB servers (fdccbe47-f3e3-4213-ad5d-ea459b2fa077) add Policy Public network access on Azure SQL Database should be disabled (1b8ca024-1d5c-4dec-8995-b1a932b41780) add Policy Azure Web PubSub Service should disable public network access (bf45113f-264e-4a87-88f9-29ac8a0aca6a) add Policy Application Insights components should block log ingestion and querying from public networks (1bc02227-0cb6-4e11-8f53-eb0b22eab7e8) add Policy Azure Media Services accounts should disable public network access (8bfe3603-0888-404a-87ff-5c1b6b4cc5e3) add Policy Azure Cosmos DB should disable public network access (797b37f7-06b8-444c-b1ad-fc62867f335a) add Policy IoT Hub device provisioning service instances should disable public network access (d82101f3-f3ce-4fc5-8708-4c09f4009546) add Policy Storage accounts should disable public network access (b2982f36-99f2-4db5-8eff-283140c09693) add Policy Azure Arc Private Link Scopes should disable public network access (898f2439-3333-4713-af25-f1d78bc50556) add Policy Public network access should be disabled for MySQL servers (d9844e8a-1437-4aeb-a32c-0c992f056095) add Policy Public network access should be disabled for MySQL flexible servers (c9299215-ae47-4f50-9c54-8a392f68a052) add Policy Bot Service should have public network access disabled (5e8168db-69e3-4beb-9822-57cb59202a9d) add Policy Azure Attestation providers should disable public network access (5e7e928c-8693-4a23-9bf3-1c77b9a8fe97) add Policy Public network access should be disabled for PostgreSQL servers (b52376f7-9612-48a1-81cd-1ffe4b61032c) add Policy Public network access should be disabled for PostgreSQL flexible servers (5e1de0e3-42cb-4ebc-a86d-61d0c619ca48) Version change: '1.0.0' to '2.0.0'
2022-04-28 17:39:07	add Initiative f1535064-3294-48fa-94e2-6e83095a5c08

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC