AzPolicyAdvertizer

last sync: 2025-Oct-31 18:22:59 UTC

Bot Service endpoint should be a valid HTTPS URI

Azure BuiltIn Policy definition

Source Azure Portal
Display name Bot Service endpoint should be a valid HTTPS URI
Id 6164527b-e1ee-4882-8673-572f425f5e0a
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Bot Service
Microsoft Learn
Description Data can be tampered with during transmission. Protocols exist that provide encryption to address problems of misuse and tampering. To ensure your bots are communicating only over encrypted channels, set the endpoint to a valid HTTPS URI. This ensures the HTTPS protocol is used to encrypt your data in transit and is also often a requirement for compliance with regulatory or industry standards. Please visit: https://docs.microsoft.com/azure/bot-service/bot-builder-security-guidelines.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.1.0'
Repository: Azure-Policy 6164527b-e1ee-4882-8673-572f425f5e0a
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.BotService/botServices/endpoint Microsoft.BotService botServices properties.endpoint True False
Rule resource types IF (1)
Compliance
The following 1 compliance controls are associated with this Policy definition 'Bot Service endpoint should be a valid HTTPS URI' (6164527b-e1ee-4882-8673-572f425f5e0a)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Data Protection DP-3 Encrypt sensitive data in transit Shared **Security Principle:** Protect the data in transit against 'out of band' attacks (such as traffic capture) using encryption to ensure that attackers cannot easily read or modify the data. Set the network boundary and service scope where data in transit encryption is mandatory inside and outside of the network. While this is optional for traffic on private networks, this is critical for traffic on external and public networks. **Azure Guidance:** Enforce secure transfer in services such as Azure Storage, where a native data in transit encryption feature is built in. Enforce HTTPS for workload web application and services by ensuring that any clients connecting to your Azure resources use transportation layer security (TLS) v1.2 or later. For remote management of VMs, use SSH (for Linux) or RDP/TLS (for Windows) instead of an unencrypted protocol. Note: Data in transit encryption is enabled for all Azure traffic traveling between Azure datacenters. TLS v1.2 or later is enabled on most Azure PaaS services by default. **Implementation and additional context:** Double encryption for Azure data in transit: https://docs.microsoft.com/azure/security/fundamentals/double-encryption#data-in-transit Understand encryption in transit with Azure: https://docs.microsoft.com/azure/security/fundamentals/encryption-overview#encryption-of-data-in-transit Information on TLS Security: https://docs.microsoft.com/security/engineering/solving-tls1-problem Enforce secure transfer in Azure storage: https://docs.microsoft.com/azure/storage/common/storage-require-secure-transfer?toc=/azure/storage/blobs/toc.json#require-secure-transfer-for-a-new-storage-account n/a link 31
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: Microsoft cloud security benchmark v2 e3ec7e09-768c-4b64-882c-fcada3772047 Security Center Preview BuiltIn unknown
Enforce recommended guardrails for Bot Service Enforce-Guardrails-BotService Bot Service GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 change Minor (1.0.1 > 1.1.0)
2021-01-27 16:54:46 change Patch (1.0.0 > 1.0.1)
2021-01-05 16:06:49 add 6164527b-e1ee-4882-8673-572f425f5e0a
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC