-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
Account_ManagedIdentity_Audit.json
57 lines (57 loc) · 1.56 KB
/
Account_ManagedIdentity_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
{
"properties": {
"displayName": "Automation Account should have Managed Identity",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Use Managed Identities as the recommended method for authenticating with Azure resources from the runbooks. Managed identity for authentication is more secure and eliminates the management overhead associated with using RunAs Account in your runbook code .",
"metadata": {
"version": "1.0.0",
"category": "Automation"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Automation/automationAccounts"
},
{
"anyOf": [
{
"field": "identity.type",
"exists": "false"
},
{
"field": "identity.type",
"contains": "None"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0",
"name": "dea83a72-443c-4292-83d5-54a2f98749c0"
}