-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
Arc_PrivateLinkScope_PublicAccess_Deny.json
50 lines (50 loc) · 1.45 KB
/
Arc_PrivateLinkScope_PublicAccess_Deny.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
{
"properties": {
"displayName": "Azure Arc Private Link Scopes should disable public network access",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Disabling public network access improves security by ensuring that Azure Arc resources cannot connect via the public internet. Creating private endpoints can limit exposure of Azure Arc resources. Learn more at: https://aka.ms/arc/privatelink.",
"metadata": {
"version": "1.0.0",
"category": "Azure Arc"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.HybridCompute/privateLinkScopes"
},
{
"field": "Microsoft.HybridCompute/privateLinkScopes/publicNetworkAccess",
"notEquals": "Disabled"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/898f2439-3333-4713-af25-f1d78bc50556",
"name": "898f2439-3333-4713-af25-f1d78bc50556"
}