Commit
Azure Policy Bot
committed
Dec 26, 2023
1 parent
0d4848a
commit 0d7285b
Showing
8 changed files
with
252 additions
and
12 deletions.
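--- a/...in-policies/policyDefinitions/API Management/ApiManagement_PlatformVersion_AuditDeny.json
+++ b/...in-policies/policyDefinitions/API Management/ApiManagement_PlatformVersion_AuditDeny.json
@@ -0,0 +1,47 @@
+{
+"properties": {
+"displayName": "Azure API Management platform version should be stv2",
+"policyType": "BuiltIn",
+"mode": "Indexed",
+"description": "Azure API Management stv1 compute platform version will be retired effective 31 August 2024, and these instances should be migrated to stv2 compute platform for continued support. Learn more at https://learn.microsoft.com/azure/api-management/breaking-changes/stv1-platform-retirement-august-2024",
+"metadata": {
+"version": "1.0.0",
+"category": "API Management"
+},
+"version": "1.0.0",
+"parameters": {
+"effect": {
+"type": "String",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+},
+"allowedValues": [
+"Audit",
+"Deny",
+"Disabled"
+],
+"defaultValue": "Audit"
+}
+},
+"policyRule": {
+"if": {
+"allOf": [
+{
+"field": "type",
+"equals": "Microsoft.ApiManagement/service"
+},
+{
+"field": "Microsoft.ApiManagement/service/platformVersion",
+"equals": "stv1"
+}
+]
+},
+"then": {
+"effect": "[parameters('effect')]"
+}
+}
+},
+"id": "/providers/Microsoft.Authorization/policyDefinitions/1dc2fc00-2245-4143-99f4-874c937f13ef",
+"name": "1dc2fc00-2245-4143-99f4-874c937f13ef"
+}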
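Review bot: The `Deny` entry in `allowedValues` may never block anything, because the second condition tests `Microsoft.ApiManagement/service/platformVersion`, which looks like a value the service reports rather than one a caller sets in a create or update request. If that is the case, the field is absent when the request is evaluated, `"equals": "stv1"` is false, and only `Audit` on existing instances has any effect; this should be confirmed with a test assignment, and if it holds, either drop `Deny` or state in `description` that the policy is detective only. Separately, the display name says the version "should be stv2" while the condition flags only `stv1`, so an instance reporting any other value is shown as compliant. A sentence in `description` such as `Only instances reporting platformVersion stv1 are flagged.` would make that scope explicit.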
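--- a/built-in-policies/policyDefinitions/ElasticSan/ElasticSan_VolumeGroup_Encryption_Audit.json
+++ b/built-in-policies/policyDefinitions/ElasticSan/ElasticSan_VolumeGroup_Encryption_Audit.json
@@ -0,0 +1,46 @@
+{
+"properties": {
+"displayName": "ElasticSan Volume Group should use customer-managed keys to encrypt data at rest",
+"policyType": "BuiltIn",
+"mode": "All",
+"description": "Use customer-managed keys to manage the encryption at rest of your VolumeGroup. By default, customer data is encrypted with platform-managed keys, but CMKs are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you, with full control and responsibility, including rotation and management.",
+"metadata": {
+"version": "1.0.0",
+"category": "ElasticSan"
+},
+"version": "1.0.0",
+"parameters": {
+"effect": {
+"type": "String",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+},
+"allowedValues": [
+"Audit",
+"Disabled"
+],
+"defaultValue": "Audit"
+}
+},
+"policyRule": {
+"if": {
+"allOf": [
+{
+"field": "type",
+"equals": "Microsoft.ElasticSan/elasticSans/volumeGroups"
+},
+{
+"field": "Microsoft.ElasticSan/elasticSans/volumeGroups/encryption",
+"notEquals": "EncryptionAtRestWithCustomerManagedKey"
+}
+]
+},
+"then": {
+"effect": "[parameters('effect')]"
+}
+}
+},
+"id": "/providers/Microsoft.Authorization/policyDefinitions/7698f4ed-80ce-4e13-b408-ee135fa400a5",
+"name": "7698f4ed-80ce-4e13-b408-ee135fa400a5"
+}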
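Review bot: The condition on `Microsoft.ElasticSan/elasticSans/volumeGroups/encryption` checks only the encryption type string, so a volume group is reported compliant as soon as it declares `EncryptionAtRestWithCustomerManagedKey`, with no check of which key or vault it references. The description speaks of "full control and responsibility, including rotation and management", which reads as more than the rule verifies; I would add a sentence such as `This policy evaluates the encryption type only; the key, its vault and its rotation settings are not checked.` The `notEquals` form treats a missing `encryption` value as non-compliant, which is the safe direction and worth keeping. `allowedValues` offers no `Deny`, so the control is detective only, and the description should say so for anyone relying on it to prevent platform-managed-key volume groups.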
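--- a/...licies/policyDefinitions/Security Center/DeployAtpOnPostgreSqlFlexibleServers_Deploy.json
+++ b/...licies/policyDefinitions/Security Center/DeployAtpOnPostgreSqlFlexibleServers_Deploy.json
@@ -0,0 +1,80 @@
+{
+"properties": {
+"displayName": "Configure Advanced Threat Protection to be enabled on Azure database for PostgreSQL flexible servers",
+"policyType": "BuiltIn",
+"mode": "Indexed",
+"description": "Enable Advanced Threat Protection on your Azure database for PostgreSQL flexible servers to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.",
+"metadata": {
+"version": "1.0.0",
+"category": "Security Center"
+},
+"version": "1.0.0",
+"parameters": {
+"effect": {
+"type": "string",
+"defaultValue": "DeployIfNotExists",
+"allowedValues": [
+"DeployIfNotExists",
+"Disabled"
+],
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
+}
+},
+"policyRule": {
+"if": {
+"field": "type",
+"equals": "Microsoft.DBforPostgreSQL/flexibleservers"
+},
+"then": {
+"effect": "[parameters('effect')]",
+"details": {
+"type": "Microsoft.DBforPostgreSQL/flexibleservers/advancedThreatProtectionSettings",
+"name": "Default",
+"evaluationDelay": "AfterProvisioning",
+"existenceCondition": {
+"field": "Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/state",
+"equals": "Enabled"
+},
+"roleDefinitionIds": [
+"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+],
+"deployment": {
+"properties": {
+"mode": "incremental",
+"template": {
+"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"serverName": {
+"type": "string"
+}
+},
+"variables": {},
+"resources": [
+{
+"name": "[concat(parameters('serverName'), '/Default')]",
+"type": "Microsoft.DBforPostgreSQL/flexibleservers/advancedThreatProtectionSettings",
+"apiVersion": "2023-06-01-preview",
+"properties": {
+"state": "Enabled"
+}
+}
+]
+},
+"parameters": {
+"serverName": {
+"value": "[field('name')]"
+}
+}
+}
+}
+}
+}
+}
+},
+"id": "/providers/Microsoft.Authorization/policyDefinitions/2a6ae02f-7590-40d7-88ba-b18e205a32fd",
+"name": "2a6ae02f-7590-40d7-88ba-b18e205a32fd"
+}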
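Review bot: `roleDefinitionIds` grants the remediation identity `b24988ac-6180-42a0-ab88-20f7382dd24c`, which is the built-in Contributor role, although the embedded template writes a single `advancedThreatProtectionSettings` child resource. Every assignment of this policy therefore creates a managed identity holding Contributor at the assignment scope, which is far more than the deployment needs; a narrower built-in role that covers writing that child resource and running the deployment would be preferable, and failing that the `description` should name the role so assigners can scope the assignment deliberately. The template also pins `apiVersion` to `2023-06-01-preview`, and a preview contract inside a built-in remediation can change or be withdrawn, so it is worth a tracked follow-up to move to a GA version. As a style point, `"type": "string"` and `flexibleservers` differ in casing from the `flexibleServers` used in the `existenceCondition` alias of the same file.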