AzPolicyAdvertizer

last sync: 2025-May-23 18:27:10 UTC

Azure Cosmos DB allowed locations

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure Cosmos DB allowed locations
Id 0473574d-2d43-4217-aefe-941fcdf7e684
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Cosmos DB
Microsoft Learn
Description This policy enables you to restrict the locations your organization can specify when deploying Azure Cosmos DB resources. Use to enforce your geo-compliance requirements.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.DocumentDB/databaseAccounts/Locations[*] Microsoft.DocumentDB databaseAccounts properties.Locations[*] True False
Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName Microsoft.DocumentDB databaseAccounts properties.Locations[*].locationName True False
Rule resource types IF (1)
Compliance
The following 1 compliance controls are associated with this Policy definition 'Azure Cosmos DB allowed locations' (0473574d-2d43-4217-aefe-941fcdf7e684)
Rows: 1-1 / 1

Columns:

Close

Columns▼Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
SO .1 - Data Residency SO.1 - Data Residency 404 not found n/a n/a 3
Initiatives usage
Rows: 1-2 / 2
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
Sovereignty Baseline - Confidential Policies 03de05a4-c324-4ccd-882f-a814ea8ab9ea Regulatory Compliance GA BuiltIn unknown
Sovereignty Baseline - Global Policies c1cbff38-87c0-4b9f-9f70-035c7a3b5523 Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 change Minor (1.0.0 > 1.1.0)
2020-03-17 09:22:59 add 0473574d-2d43-4217-aefe-941fcdf7e684
JSON compare
compare mode: version left: version right:
1.0.0 → 1.1.0 RENAMED
@@ -3,9 +3,9 @@
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "This policy enables you to restrict the locations your organization can specify when deploying Azure Cosmos DB resources. Use to enforce your geo-compliance requirements.",
6
  "metadata": {
7
- "version": "1.0.0",
8
  "category": "Cosmos DB"
9
  },
10
  "parameters": {
11
  "listOfAllowedLocations": {
@@ -22,13 +22,16 @@
22
  "displayName": "Policy Effect",
23
  "description": "The desired effect of the policy."
24
  },
25
  "allowedValues": [
 
 
26
  "deny",
27
- "audit",
28
- "disabled"
 
29
  ],
30
- "defaultValue": "deny"
31
  }
32
  },
33
  "policyRule": {
34
  "if": {
 
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "This policy enables you to restrict the locations your organization can specify when deploying Azure Cosmos DB resources. Use to enforce your geo-compliance requirements.",
6
  "metadata": {
7
+ "version": "1.1.0",
8
  "category": "Cosmos DB"
9
  },
10
  "parameters": {
11
  "listOfAllowedLocations": {
 
22
  "displayName": "Policy Effect",
23
  "description": "The desired effect of the policy."
24
  },
25
  "allowedValues": [
26
+ "audit",
27
+ "Audit",
28
  "deny",
29
+ "Deny",
30
+ "disabled",
31
+ "Disabled"
32
  ],
33
+ "defaultValue": "Deny"
34
  }
35
  },
36
  "policyRule": {
37
  "if": {
JSON
api-version=2021-06-01
EPAC 
{7 items
  • displayName: "Azure Cosmos DB allowed locations",
  • policyType: "BuiltIn",
  • mode: "Indexed",
  • description: "This policy enables you to restrict the locations your organization can specify when deploying Azure Cosmos DB resources. Use to enforce your geo-compliance requirements.",
  • metadata: {2 items
    • version: "1.1.0",
    • category: "Cosmos DB"
    },
  • parameters: {2 items},
  • policyRule: {2 items
    • if: {1 item
      • allOf: [2 items
        • {2 items
          • field: "type",
          • equals: "Microsoft.DocumentDB/databaseAccounts"
          },
        • {2 items
          • count: {2 items
            • field: "Microsoft.DocumentDB/databaseAccounts/Locations[*]",
            • where: {2 items
              • value: 🔍"[
    replace(
        toLower(
            first(
                field('Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName')
            )
        ),
       '',
        ''
    )
]",
              • in: "[parameters('listOfAllowedLocations')]"
              }
            },
          • notEquals: 🔍"[
    length(
        field('Microsoft.DocumentDB/databaseAccounts/Locations[*]')
    )
]"
          }
        ]
      },
    • then: {1 item
      • effect: "[parameters('policyEffect')]"
      }
    }
}