/
DisablePrivateEndpoint_Deny.json
107 lines (107 loc) · 3.01 KB
/
DisablePrivateEndpoint_Deny.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
{
"properties": {
"displayName": "App Service apps should use a SKU that supports private link",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "With supported SKUs, Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to apps, you can reduce data leakage risks. Learn more about private links at: https://aka.ms/private-link.",
"metadata": {
"version": "4.1.0",
"category": "App Service"
},
"version": "4.1.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Web/serverFarms"
},
{
"allOf": [
{
"field": "Microsoft.Web/serverFarms/sku.tier",
"notIn": [
"Basic",
"Standard",
"ElasticPremium",
"Premium",
"PremiumV2",
"Premium0V3",
"PremiumV3",
"PremiumMV3",
"Isolated",
"IsolatedV2",
"WorkflowStandard"
]
},
{
"field": "Microsoft.Web/serverFarms/sku.name",
"notIn": [
"B1",
"B2",
"B3",
"S1",
"S2",
"S3",
"EP1",
"EP2",
"EP3",
"P1",
"P2",
"P3",
"P1V2",
"P2V2",
"P3V2",
"P0V3",
"P1V3",
"P2V3",
"P3V3",
"P1MV3",
"P2MV3",
"P3MV3",
"P4MV3",
"P5MV3",
"I1",
"I2",
"I3",
"I1V2",
"I2V2",
"I3V2",
"I4V2",
"I5V2",
"I6V2",
"WS1",
"WS2",
"WS3"
]
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"4.1.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5",
"name": "546fe8d2-368d-4029-a418-6af48a7f61e5"
}