/
Workspace_PublicNetworkAccessDisabled_Audit.json
58 lines (58 loc) · 1.81 KB
/
Workspace_PublicNetworkAccessDisabled_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
{
"properties": {
"displayName": "Azure Machine Learning Workspaces should disable public network access",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Disabling public network access improves security by ensuring that the Machine Learning Workspaces aren't exposed on the public internet. You can control exposure of your workspaces by creating private endpoints instead. Learn more at: https://learn.microsoft.com/azure/machine-learning/how-to-configure-private-link?view=azureml-api-2&tabs=azure-portal.",
"metadata": {
"version": "2.0.1",
"category": "Machine Learning"
},
"version": "2.0.1",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.MachineLearningServices/workspaces"
},
{
"anyOf": [
{
"field": "Microsoft.MachineLearningServices/workspaces/publicNetworkAccess",
"exists": "false"
},
{
"field": "Microsoft.MachineLearningServices/workspaces/publicNetworkAccess",
"notEquals": "Disabled"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"2.0.1"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce",
"name": "438c38d2-3772-465a-a9cc-7a6666a275ce"
}