-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
RequireLatestTls_WebApp_Slot_Audit.json
57 lines (57 loc) · 1.67 KB
/
RequireLatestTls_WebApp_Slot_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
{
"properties": {
"displayName": "App Service app slots should use the latest TLS version",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for App Service apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.",
"metadata": {
"version": "1.0.0",
"category": "App Service"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Web/sites/slots"
},
{
"field": "kind",
"notContains": "functionapp"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Web/sites/slots/config",
"name": "web",
"existenceCondition": {
"field": "Microsoft.Web/sites/slots/config/minTlsVersion",
"equals": "1.2"
}
}
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/4ee5b817-627a-435a-8932-116193268172",
"name": "4ee5b817-627a-435a-8932-116193268172"
}