/
Storage_AuditForHTTPSEnabled_Audit.json
66 lines (66 loc) · 2.03 KB
/
Storage_AuditForHTTPSEnabled_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
{
"properties": {
"displayName": "Secure transfer to storage accounts should be enabled",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
"metadata": {
"version": "2.0.0",
"category": "Storage"
},
"version": "2.0.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "The effect determines what happens when the policy rule is evaluated to match"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"anyOf": [
{
"allOf": [
{
"value": "[requestContext().apiVersion]",
"less": "2019-04-01"
},
{
"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
"exists": "false"
}
]
},
{
"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
"equals": "false"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"2.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
"name": "404c3081-a854-4457-ae30-26a93ef643f9"
}