-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
StorageAccountMinimumTLSVersion_Audit.json
71 lines (71 loc) · 2.03 KB
/
StorageAccountMinimumTLSVersion_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
{
"properties": {
"displayName": "Storage accounts should have the specified minimum TLS version",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Configure a minimum TLS version for secure communication between the client application and the storage account. To minimize security risk, the recommended minimum TLS version is the latest released version, which is currently TLS 1.2.",
"metadata": {
"version": "1.0.0",
"category": "Storage"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the audit policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
},
"minimumTlsVersion": {
"type": "String",
"metadata": {
"displayName": "Minimum TLS Version",
"description": "Minimum version of TLS required to access data in this storage account"
},
"allowedValues": [
"TLS1_0",
"TLS1_1",
"TLS1_2"
],
"defaultValue": "TLS1_2"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"anyOf": [
{
"field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
"notEquals": "[parameters('minimumTlsVersion')]"
},
{
"field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
"exists": "false"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0",
"name": "fe83a0eb-a853-422d-aac2-1bffd182c5d0"
}