Network Contributor

Azure BuiltIn RBAC Role definition

Policy DisplayName

Policy Id

Category

State

[Preview]: Configure Azure Key Vault Managed HSM with private endpoints

d1d6d8bb-cc7c-420f-8c7d-6f6f5279a844

Key Vault

Preview

[Preview]: Configure Azure Recovery Services vaults to use private DNS zones

942bd215-1a66-44be-af65-6a1c0318dbe2

Site Recovery

Preview

[Preview]: Configure private endpoints on Azure Recovery Services vaults

e95a8a5c-0987-421f-84ab-df4d88ebf7d1

Site Recovery

Preview

[Preview]: Configure Recovery Services vaults to use private DNS zones for backup

af783da1-4ad1-42be-800d-d19c70038820

Backup

Preview

[Preview]: Configure Recovery Services vaults to use private endpoints for backup

8015d6ed-3641-4534-8d0b-5c67b67ff7de

Backup

Preview

Configure a private DNS Zone ID for blob groupID

75973700-529f-4de2-b794-fb9b6781b6b0

Storage

Configure a private DNS Zone ID for blob_secondary groupID

d847d34b-9337-4e2d-99a5-767e5ac9c582

Storage

Configure a private DNS Zone ID for dfs groupID

83c6fe0f-2316-444a-99a1-1ecd8a7872ca

Storage

Configure a private DNS Zone ID for dfs_secondary groupID

90bd4cb3-9f59-45f7-a6ca-f69db2726671

Storage

Configure a private DNS Zone ID for file groupID

6df98d03-368a-4438-8730-a93c4d7693d6

Storage

Configure a private DNS Zone ID for queue groupID

bcff79fb-2b0d-47c9-97e5-3023479b00d1

Storage

Configure a private DNS Zone ID for queue_secondary groupID

da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6

Storage

Configure a private DNS Zone ID for table groupID

028bbd88-e9b5-461f-9424-a1b63a7bee1a

Storage

Configure a private DNS Zone ID for table_secondary groupID

c1d634a5-f73d-4cdd-889f-2cc7006eb47f

Storage

Configure a private DNS Zone ID for web groupID

9adab2a5-05ba-4fbd-831a-5bf958d04218

Storage

Configure a private DNS Zone ID for web_secondary groupID

d19ae5f1-b303-4b82-9ca8-7682749faf0c

Storage

Configure App Service app slots to disable public network access

c6c3e00e-d414-4ca4-914f-406699bb8eee

App Service

Configure App Service apps to disable public network access

2374605e-3e0b-492b-9046-229af202562c

App Service

Configure App Service apps to use private DNS zones

b318f84a-b872-429b-ac6d-a01b96814452

App Service

Configure Azure Arc Private Link Scopes to use private DNS zones

55c4db33-97b0-437b-8469-c4f4498f5df9

Azure Arc

Configure Azure Arc Private Link Scopes with private endpoints

d6eeba80-df61-4de5-8772-bc1b7852ba6b

Azure Arc

Configure Azure Automation accounts with private DNS zones

6dd01e4f-1be1-4e80-9d0b-d109e04cb064

Automation

Configure Azure Cache for Redis to use private DNS zones

e016b22b-e0eb-436d-8fd7-160c4eaed6e2

Cache

Configure Azure Cognitive Search services to disable public network access

9cee519f-d9c1-4fd9-9f79-24ec3449ed30

Configure Azure Cognitive Search services to use private DNS zones

fbc14a67-53e4-4932-abcc-2049c6706009

Configure Azure Cognitive Search services with private endpoints

b698b005-b660-4837-b833-a7aaab26ddba

Configure Azure Data Explorer clusters with private endpoints

a47272e1-1d5d-4b0b-b366-4873f1432fe0

Azure Data Explorer

Configure Azure Databricks workspace to use private DNS zones

0eddd7f3-3d9b-4927-a07a-806e8ac9486c

Azure Databricks

Configure Azure Device Update for IoT Hub accounts to use private DNS zones

a222b93a-e6c2-4c01-817f-21e092455b2a

Internet of Things

Configure Azure Device Update for IoT Hub accounts with private endpoint

5b9d063f-c5fd-4750-a489-1258d1fefcbf

Internet of Things

Configure Azure Event Grid namespace MQTT broker with private endpoints

cddcbb7e-a7b1-4380-b4d8-45cf77b0d561

Event Grid

Configure Azure Event Grid namespaces with private endpoints

2b21ce34-9c45-4037-9c84-0ac0dbd0095f

Event Grid

Configure Azure File Sync to use private DNS zones

06695360-db88-47f6-b976-7500d4297475

Storage

Configure Azure HDInsight clusters to use private DNS zones

43d6e3bd-fc6a-4b44-8b4d-2151d8736a11

HDInsight

Configure Azure Key Vaults to use private DNS zones

ac673a9a-f77d-4846-b2d8-a57f8e1c01d4

Key Vault

Configure Azure Key Vaults with private endpoints

9d4fad1f-5189-4a42-b29e-cf7929c6b6df

Key Vault

Configure Azure Machine Learning workspace to use private DNS zones

ee40564d-486e-4f68-a5ca-7a621edae0fb

Machine Learning

Configure Azure Machine Learning workspaces with private endpoints

7838fd83-5cbb-4b5d-888c-bfa240972597

Machine Learning

Configure Azure Managed Grafana workspaces to use private DNS zones

4c8537f8-cd1b-49ec-b704-18e82a42fd58

Managed Grafana

Configure Azure Media Services to use private DNS zones

b4a7f6c1-585e-4177-ad5b-c2c93f4bb991

Media Services

Configure Azure Media Services with private endpoints

c5632066-946d-4766-9544-cd79bcc1286e

Media Services

Configure Azure Migrate resources to use private DNS zones

7590a335-57cf-4c95-babd-ecbc8fafeb1f

Migrate

Configure Azure Monitor Private Link Scope to use private DNS zones

437914ee-c176-4fff-8986-7e05eb971365

Monitoring

Configure Azure SQL Server to enable private endpoint connections

8e8ca470-d980-4831-99e6-dc70d9f6af87

SQL

Configure Azure Synapse workspaces to use private DNS zones

1e5ed725-f16c-478b-bd4b-7bfa2f7940b9

Synapse

Configure Azure Virtual Desktop hostpool resources to use private DNS zones

9427df23-0f42-4e1e-bf99-a6133d841c4a

Desktop Virtualization

Configure Azure Virtual Desktop workspace resources to use private DNS zones

34804460-d88b-4922-a7ca-537165e060ed

Desktop Virtualization

Configure Azure Web PubSub Service to use private DNS zones

0b026355-49cb-467b-8ac4-f777874e175a

Web PubSub

Configure Azure Web PubSub Service with private endpoints

1b9c0b58-fc7b-42c8-8010-cdfa1d1b8544

Web PubSub

Configure BotService resources to use private DNS zones

6a4e6f44-f2af-4082-9702-033c9e88b9f8

Bot Service

Configure BotService resources with private endpoints

29261f8e-efdb-4255-95b8-8215414515d6

Bot Service

Configure Cognitive Services accounts to use private DNS zones

c4bc6f10-cb41-49eb-b000-d5ab82e2a091

Cognitive Services

Configure Cognitive Services accounts with private endpoints

db630ad5-52e9-4f4d-9c44-53912fe40053

Cognitive Services

Configure Container registries to use private DNS zones

e9585a95-5b8c-4d03-b193-dc7eb5ac4c32

Container Registry

Configure CosmosDB accounts to use private DNS zones

a63cc0bd-cda4-4178-b705-37dc439d3e0f

Cosmos DB

Configure disk access resources to use private DNS zones

bc05b96c-0b36-4ca9-82f0-5c53f96ce05a

Compute

Configure Event Hub namespaces to use private DNS zones

ed66d4f5-8220-45dc-ab4a-20d1749c74e6

Event Hub

Configure Event Hub namespaces with private endpoints

91678b7c-d721-4fc5-b179-3cdf74e96b1c

Event Hub

Configure Function app slots to disable public network access

242222f3-4985-4e99-b5ef-086d6a6cb01c

App Service

Configure Function apps to disable public network access

cd794351-e536-40f4-9750-503a463d8cad

App Service

Configure private DNS zones for private endpoints connected to App Configuration

7a860e27-9ca2-4fc6-822d-c2d248c300df

App Configuration

Configure private DNS zones for private endpoints that connect to Azure Data Factory

86cd96e1-1745-420d-94d4-d3f2fe415aa4

Data Factory

Configure private endpoint connections on Azure Automation accounts

c0c3130e-7dda-4187-aed0-ee4a472eaa60

Automation

Configure private endpoints for Data factories

496ca26b-f669-4322-a1ad-06b7b5e41882

Data Factory

Configure private endpoints to Azure SignalR Service

ef45854f-b33f-49a3-8041-9057e915d88f

SignalR

Configure Private Link for Azure AD to use private DNS zones

7e4301f9-5f32-4738-ad9f-7ec2d15563ad

Azure Active Directory

Configure Service Bus namespaces to use private DNS zones

f0fcf93c-c063-4071-9668-c47474bd3564

Service Bus

Configure Service Bus namespaces with private endpoints

7d890f7f-100c-473d-baa1-2777e2266535

Service Bus

Configure Storage account to use a private link connection

9f766f00-8d11-464e-80e1-4091d7874074

Storage

Deploy - Configure Azure Event Grid domains to use private DNS zones

d389df0a-e0d7-4607-833c-75a6fdac2c2d

Event Grid

Deploy - Configure Azure Event Grid domains with private endpoints

36f4658a-848a-467b-881c-e6fa20cf75fc

Event Grid

Deploy - Configure Azure Event Grid topics to use private DNS zones

baf19753-7502-405f-8745-370519b20483

Event Grid

Deploy - Configure Azure Event Grid topics with private endpoints

6fcec95c-fbdf-45e8-91e1-e3175d9c9eca

Event Grid

Deploy - Configure Azure IoT Hubs to use private DNS zones

c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02

Internet of Things

Deploy - Configure Azure IoT Hubs with private endpoints

bf684997-3909-404e-929c-d4a38ed23b2e

Internet of Things

Deploy - Configure IoT Central to use private DNS zones

d627d7c6-ded5-481a-8f2e-7e16b1e6faf6

Internet of Things

Deploy - Configure IoT Central with private endpoints

c854b0f0-02d0-4f94-9b42-fd175fbd4d49

Internet of Things

Deploy - Configure private DNS zones for private endpoints connect to Azure SignalR Service

b0e86710-7fb7-4a6c-a064-32e9b829509e

SignalR

Deploy - Configure private DNS zones for private endpoints that connect to Batch accounts

4ec38ebc-381f-45ee-81a4-acbc4be878f8

Batch

Deploy network watcher when virtual networks are created

a9b99dd8-06c5-4317-8629-9d86a3c6e7d9

Network

Virtual networks should be protected by Azure DDoS Protection

94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d

Network