NetworkPublicIPNic_Deny.json
{
"properties": {
"displayName": "Network interfaces should not have public IPs",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "This policy denies the network interfaces which are configured with any public IP. Public IP addresses allow internet resources to communicate inbound to Azure resources, and Azure resources to communicate outbound to the internet. This should be reviewed by the network security team.",
"metadata": {
"version": "1.0.0",
"category": "Network"
},
"version": "1.0.0",
"parameters": {},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/networkInterfaces"
},
{
"not": {
"field": "Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id",
"notLike": "*"
}
}
]
},
"then": {
"effect": "deny"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114",
"name": "83a86a26-fd1f-447c-b59d-e51f44264114"
}