Registries microsoft.containerregistry/registries Azure Resource type

Registries - Microsoft Azure Resource type
microsoft.containerregistry/registries

Resource provider (RP) - Microsoft ContainerRegistry [Microsoft.ContainerRegistry]
RP	Microsoft.ContainerRegistry
RP display name	Microsoft ContainerRegistry
RP Resource types	Resource types: 82
RP aliases	RP aliases: 643
RP Azure Policy	Azure Policy definitions: 33 • if: 33 • then.deployment: 0 • then.details: 0 • then.existenceCondition: 0 • then.operations: 0
RP RBAC operations	RP RBAC operations: 123 • RP RBAC operationType action: 21 • RP RBAC operationType delete: 22 • RP RBAC operationType read: 50 • RP RBAC operationType write: 30
RP RBAC Roles & Operation actions	Unique RBAC Roles: 39 • RBAC Roles with action operationType: 10 • RBAC Roles with delete operationType: 13 • RBAC Roles with read operationType: 37 • RBAC Roles with write operationType: 18
RP related 1st party Service Principals	RP related 1st party Service Principals: 7 • Microsoft Container Registry (appId: a4c95b9e-3994-40cc-8953-5dc66d48348d) • Azure Container Registry Application (appId: 76c92352-c057-4cc2-9b1e-f34c32bc58bd) • Azure Container Registry (appId: 6a0ec4d3-30cb-4a83-91c0-ae56bc0e3d26) • Azure Container Registry - Dataplane (appId: a3747411-ce7c-4888-9ddc-3a230786ca19) • asmcontainerimagescanner (appId: 918d0db8-4a38-4938-93c1-9313bdfe0272) • ACR-Tasks-Prod (appId: d2fa1650-4805-4a83-bcb9-cf41fe63539c) • ACR-Tasks-Network (appId: 62c559cd-db0c-4da0-bab2-972528c65d42)
All Azure RPs	• Microsoft Learn • AzResourceTypesAdvertizer (Microsoft only)

Resource provider (RP) - Microsoft ContainerRegistry [Microsoft.ContainerRegistry]

Microsoft.ContainerRegistry

RP display name

Microsoft ContainerRegistry

RP Resource types

Resource types: 82

RP aliases

RP aliases: 643

RP Azure Policy

Azure Policy definitions: 33
• if: 33
• then.deployment: 0
• then.details: 0
• then.existenceCondition: 0
• then.operations: 0

RP RBAC operations

RP RBAC operations: 123
• RP RBAC operationType action: 21
• RP RBAC operationType delete: 22
• RP RBAC operationType read: 50
• RP RBAC operationType write: 30

RP RBAC Roles & Operation actions

Unique RBAC Roles: 39
• RBAC Roles with action operationType: 10
• RBAC Roles with delete operationType: 13
• RBAC Roles with read operationType: 37
• RBAC Roles with write operationType: 18

RP related 1st party Service Principals

RP related 1st party Service Principals: 7
• Microsoft Container Registry (appId: a4c95b9e-3994-40cc-8953-5dc66d48348d)
• Azure Container Registry Application (appId: 76c92352-c057-4cc2-9b1e-f34c32bc58bd)
• Azure Container Registry (appId: 6a0ec4d3-30cb-4a83-91c0-ae56bc0e3d26)
• Azure Container Registry - Dataplane (appId: a3747411-ce7c-4888-9ddc-3a230786ca19)
• asmcontainerimagescanner (appId: 918d0db8-4a38-4938-93c1-9313bdfe0272)
• ACR-Tasks-Prod (appId: d2fa1650-4805-4a83-bcb9-cf41fe63539c)
• ACR-Tasks-Network (appId: 62c559cd-db0c-4da0-bab2-972528c65d42)

All Azure RPs

• Microsoft Learn
• AzResourceTypesAdvertizer (Microsoft only)

RT information

microsoft.containerregistry/registries

RT display name

Registries

RT type only
(without RP)

registries

RT sub- Resource types

sub-Resource types: 74

RT schema

RT schema API versions: 18

• 2025-03-01-preview
• 2024-11-01-preview
• 2023-11-01-preview
• 2023-08-01-preview
• 2023-07-01
• 2023-06-01-preview
• 2023-01-01-preview
• 2022-12-01
• 2022-02-01-preview
• 2021-12-01-preview
• 2021-09-01
• 2021-08-01-preview
• 2021-06-01-preview
• 2020-11-01-preview
• 2019-12-01-preview
• 2019-05-01
• 2017-10-01
• 2017-03-01

All Microsoft Azure RTs

AzResourceTypesAdvertizer

Aliases and Azure Policy

Aliases

aliases: 211

Azure Policy

Azure Policy definitions: 29
• if: 29
• then.deployment: 0
• then.details: 0
• then.existenceCondition: 0
• then.operations: 0

RBAC Operations and Roles & Roles related operation actions

RBAC operations

RBAC operations: 10
• RBAC operationType action: 7
• RBAC operationType delete: 1
• RBAC operationType read: 1
• RBAC operationType write: 1

RBAC Roles & Operation actions

Unique RBAC Roles: 23
• RBAC Roles with action operationType: 7
• RBAC Roles with delete operationType: 6
• RBAC Roles with read operationType: 22
• RBAC Roles with write operationType: 6

Capabilities & Locations

Diagnostic logs

True
log-categories

Azure Resource Diagnostic settings metrics

Diagnostic metrics

True
metrics

Customer-managed key (CMK) [experimental]

True
• Microsoft Learn
• Enforce Encryption with a customer-managed key (CMK) at scale

System-Assigned-Resource-Identity

True

Cross-ResourceGroup-Resource-Move

True

Cross-Subscription-Resource-Move

True

Tags

True

Extension

False

Private-Endpoint

True

Supported Locations for Private-Endpoint

Supported Locations for Private-Endpoint: 44
australiacentral, australiaeast, australiasoutheast, brazilsouth, canadacentral, canadaeast, centralindia, centralus, eastasia, eastus, eastus2, francecentral, germanywestcentral, indonesiacentral, israelcentral, italynorth, japaneast, japanwest, jioindiawest, koreacentral, koreasouth, mexicocentral, newzealandnorth, northcentralus, northeurope, norwayeast, polandcentral, qatarcentral, southafricanorth, southcentralus, southeastasia, southindia, spaincentral, swedencentral, switzerlandnorth, uaenorth, uksouth, ukwest, westcentralus, westeurope, westindia, westus, westus2, westus3

Non supported Locations for Private-Endpoint

Non supported Locations for Private-Endpoint: 14
brazilus, eastusstg, centraluseuap, eastus2euap, southcentralusstg, southafricawest, australiacentral2, jioindiacentral, francesouth, germanynorth, norwaywest, switzerlandwest, uaecentral, brazilsoutheast

Location

True

Locations

Locations: 49
australiacentral, australiacentral2, australiaeast, australiasoutheast, brazilsouth, brazilsoutheast, canadacentral, canadaeast, centralindia, centralus, eastasia, eastus, eastus2, francecentral, francesouth, germanynorth, germanywestcentral, indonesiacentral, israelcentral, italynorth, japaneast, japanwest, koreacentral, koreasouth, mexicocentral, newzealandnorth, northcentralus, northeurope, norwayeast, norwaywest, polandcentral, qatarcentral, southafricanorth, southcentralus, southeastasia, southindia, spaincentral, swedencentral, switzerlandnorth, switzerlandwest, uaecentral, uaenorth, uksouth, ukwest, westcentralus, westeurope, westus, westus2, westus3

Not locations

Not locations: 48
asia, asiapacific, australia, brazil, brazilus, canada, centraluseuap, centralusstage, eastasiastage, eastus2euap, eastus2stage, eastusstage, eastusstg, europe, france, germany, global, india, indonesia, israel, italy, japan, jioindiacentral, jioindiawest, korea, mexico, newzealand, northcentralusstage, norway, poland, qatar, singapore, southafrica, southafricawest, southcentralusstage, southcentralusstg, southeastasiastage, spain, sweden, switzerland, taiwan, uae, uk, unitedstates, unitedstateseuap, westindia, westus2stage, westusstage

Assessment tooling

Azure Advisor

Azure Advisor recommendations: 6
• HighAvailability [High] Ensure Geo-replication is enabled for resilience
• HighAvailability [High] Use Premium tier for critical production workloads
• Security [High] Azure registry container images should have vulnerabilities resolved
• Security [Low] [Enable if required] Container registries should be encrypted with a customer-managed key (CMK)
• Security [Medium] Container registries should not allow unrestricted network access
• Security [Medium] Container registries should use private link

Azure Proactive Resilience Library v2 (APRLv2)

Azure Proactive Resilience Library v2 recommendations: 8

• DisasterRecovery [High] Create container registries with geo-replication enabled
• DisasterRecovery [Low] Enable soft delete policy
• HighAvailability [High] Use Premium tier for critical production workloads
• HighAvailability [Medium] Enable zone redundancy
• MonitoringAndAlerting [Medium] Configure Diagnostic Settings for all Azure Container Registries
• MonitoringAndAlerting [Medium] Monitor Azure Container Registry with Azure Monitor
• OtherBestPractices [Medium] Use Repository namespaces
• OtherBestPractices [Medium] Disable anonymous pull access

PSRule for Azure

PSRule for Azure rules: 13

• Cost Optimization [Important] Configure ACR retention policies
• Cost Optimization [Important] Container registry storage usage
• Operational Excellence [Awareness] Use valid registry names
• Reliability [Important] Container Registry does not replica images to a secondary region
• Reliability [Important] Use ACR production SKU
• Reliability [Important] Use ACR soft delete policy
• Security [Critical] Container Registry images are not scanned regularly for vulnerabilities
• Security [Critical] Container Registry local admin account is enabled
• Security [Critical] Remove vulnerable container images
• Security [Important] Container Registry anonymous pull access is enabled
• Security [Important] Container Registry service firewall is not restricted
• Security [Important] Use container image quarantine pattern
• Security [Important] Use trusted container images

Azure Quick Review (AZQR)

Azure Quick Review (AZQR) recommendations: 14

• DisasterRecovery [High] Create container registries with geo-replication enabled
• DisasterRecovery [Low] Enable soft delete policy
• Governance [Low] ContainerRegistry Name should comply with naming conventions
• Governance [Low] ContainerRegistry should have tags
• Governance [Low] Move Container Registry to a dedicated resource group
• Governance [Medium] ContainerRegistry should use retention policies
• HighAvailability [High] ContainerRegistry should have a SLA
• HighAvailability [Medium] Enable zone redundancy
• MonitoringAndAlerting [Low] ContainerRegistry should have diagnostic settings enabled
• Scalability [High] Use Premium tier for critical production workloads
• Scalability [Medium] Manage registry size
• Security [High] ContainerRegistry should have private endpoints enabled
• Security [Medium] ContainerRegistry should have the Administrator account disabled
• Security [Medium] Disable anonymous pull access

Infrastructure as Code (IaC)

ARM (Azure Resource Manager) templates

ARM (Azure Resource Manager) template API versions: 19
• latest

• 2025-04-01
• 2025-03-01-preview
• 2024-11-01-preview
• 2023-11-01-preview
• 2023-08-01-preview
• 2023-07-01
• 2023-06-01-preview
• 2023-01-01-preview
• 2022-12-01
• 2022-02-01-preview
• 2021-12-01-preview
• 2021-09-01
• 2021-08-01-preview
• 2021-06-01-preview
• 2020-11-01-preview
• 2019-12-01-preview
• 2019-05-01
• 2017-10-01
• 2017-03-01

Bicep templates

Bicep template API versions: 19
• latest

Terraform provider

Terraform providers: 2
• container_registry
• container_registry_token_password

AzAPI Terraform templates

AzAPI Terraform template API versions: 19
• latest

Pulumi provider

Pulumi providers: 1
• containerregistry/registry

OpenTofu provider

OpenTofu TF providers: 2
• container_registry
• container_registry_token_password

Azure Verified Modules (AVM) Bicep

Azure Container Registry (ACR)

Azure Verified Modules (AVM) Terraform

• GitHub: Azure Container Registry (ACR)
• Terraform registry: Azure Container Registry (ACR)

REST-API (Representational State Transfer - Application Programming Interface)

REST-API versions

REST-API versions: 20

• 2025-04-01
• 2025-03-01-preview
• 2024-11-01-preview
• 2024-01-01-preview
• 2023-11-01-preview
• 2023-08-01-preview
• 2023-07-01
• 2023-06-01-preview
• 2023-01-01-preview
• 2022-12-01
• 2022-02-01-preview
• 2021-12-01-preview
• 2021-09-01
• 2021-08-01-preview
• 2021-06-01-preview
• 2020-11-01-preview
• 2019-12-01-preview
• 2019-05-01
• 2017-10-01
• 2017-03-01

REST-API version default

n/a

API profiles

n/a

Resource naming

Azure Naming Tool

The Azure Naming Tool was created to help administrators define and manage their naming conventions, while providing a simple interface for users to generate a compliant name.

Resource naming details

{
  "property": "",
  "ShortName": "cr",
  "scope": "global",
  "lengthMin": "5",
  "lengthMax": "50",
  "validText": "Alphanumerics.",
  "invalidText": "",
  "invalidCharacters": "",
  "invalidCharactersStart": "",
  "invalidCharactersEnd": "",
  "invalidCharactersConsecutive": "",
  "regx": "^[a-zA-Z0-9]{5,50}$",
  "staticValues": ""
}

Registries - Microsoft Azure Resource typemicrosoft.containerregistry/registries

Registries - Microsoft Azure Resource type
microsoft.containerregistry/registries