-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
LogAnalyticsWorkspaces_DisableLocalAuth_Deny.json
50 lines (50 loc) · 1.44 KB
/
LogAnalyticsWorkspaces_DisableLocalAuth_Deny.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
{
"properties": {
"displayName": "Log Analytics Workspaces should block non-Azure Active Directory based ingestion.",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Enforcing log ingestion to require Azure Active Directory authentication prevents unauthenticated logs from an attacker which could lead to incorrect status, false alerts, and incorrect logs stored in the system.",
"metadata": {
"version": "1.0.0",
"category": "Monitoring"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Deny",
"Audit",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.OperationalInsights/workspaces/features.disableLocalAuth",
"notEquals": "true"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/e15effd4-2278-4c65-a0da-4d6f6d1890e2",
"name": "e15effd4-2278-4c65-a0da-4d6f6d1890e2"
}