AzPolicyAdvertizer

last sync: 2025-Oct-31 18:22:59 UTC

Deny vNet peering cross subscription.

Azure Landing Zones (ALZ) Policy definition

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-VNET-Peer-Cross-Sub
Deploy policy Deny-VNET-Peer-Cross-Sub (1.1.0) to Azure
Display name Deny vNet peering cross subscription.
Id Deny-VNET-Peer-Cross-Sub
Version 1.1.0
Details on versioning
Category Network
Description This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope.
Cloud environments AzureChinaCloud
AzureCloud
AzureUSGovernment
Mode All
Type Custom Azure Landing Zones (ALZ)
Preview False
Deprecated False
Effect Default
Deny
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id Microsoft.Network virtualNetworks/virtualNetworkPeerings properties.remoteVirtualNetwork.id True False
Rule resource types IF (1)
Microsoft.Network/virtualNetworks/virtualNetworkPeerings
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State
Enforce policies in the Sandbox Landing Zone Enforce-ALZ-Sandbox Sandbox GA
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-10-10 01:17:21 change Minor (1.0.1 > 1.1.0)
JSON compare
compare mode: version left: version right:
JSON
EPAC
Deploy policy Deny-VNET-Peer-Cross-Sub (1.1.0) to Azure