Policy-used
| Policy DisplayName | Policy Id | Category | Version | Versioning | Effect | Roles# | Roles | State | policy in AzUSGov |
|---|---|---|---|---|---|---|---|---|---|
| App Configuration should disable public network access | 3d9f5e4c-9947-4579-9539-2a7695fbc187 | App Configuration | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| App Service Environment apps should not be reachable over public internet | 2d048aca-6479-4923-88f5-e2ac295d9af3 | App Service | 3.0.0 | 1x 3.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Application Insights components should block log ingestion and querying from public networks | 1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 | Monitoring | 1.1.0 | 1x 1.1.0 | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA | unknown |
| Automation accounts should disable public network access | 955a914f-bf86-4f0e-acd5-e0766b0efcb6 | Automation | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Azure AI Search services should disable public network access | ee980b6d-0eca-4501-8d54-f6290fd512c3 | Search | 1.0.1 | 2x 1.0.1, 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Azure Arc Private Link Scopes should disable public network access | 898f2439-3333-4713-af25-f1d78bc50556 | Azure Arc | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Azure Attestation providers should disable public network access | 5e7e928c-8693-4a23-9bf3-1c77b9a8fe97 | Attestation | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Azure Cache for Redis should disable public network access | 470baccb-7e51-4549-8b1a-3e5be069f663 | Cache | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Azure Cosmos DB should disable public network access | 797b37f7-06b8-444c-b1ad-fc62867f335a | Cosmos DB | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Azure Databricks Workspaces should disable public network access | 0e7849de-b939-4c50-ab48-fc6b0f5eeba2 | Azure Databricks | 1.0.1 | 1x 1.0.1 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Azure Event Grid domains should disable public network access | f8f774be-6aee-492a-9e29-486ef81f3a68 | Event Grid | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Azure Event Grid topics should disable public network access | 1adadefe-5f21-44f7-b931-a59b54ccdb45 | Event Grid | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Azure Key Vault should disable public network access | 405c5871-3e91-4644-8a63-58e19d68ff5b | Key Vault | 1.1.0 | 1x 1.1.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Azure Machine Learning Workspaces should disable public network access | 438c38d2-3772-465a-a9cc-7a6666a275ce | Machine Learning | 2.0.1 | 1x 2.0.1 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Azure Monitor Private Link Scope should block access to non private link resources | a499fed8-bcc8-4195-b154-641f14743757 | Monitoring | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Azure SignalR Service should disable public network access | 21a9766a-82a5-4747-abb5-650b6dbba6d0 | SignalR | 1.2.0 | 2x 1.2.0, 1.1.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Azure Synapse workspaces should disable public network access | 38d8df46-cf4e-4073-8e03-48c24b29de0d | Synapse | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Azure Web PubSub Service should disable public network access | bf45113f-264e-4a87-88f9-29ac8a0aca6a | Web PubSub | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Bot Service should have public network access disabled | 5e8168db-69e3-4beb-9822-57cb59202a9d | Bot Service | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| IoT Hub device provisioning service instances should disable public network access | d82101f3-f3ce-4fc5-8708-4c09f4009546 | Internet of Things | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Log Analytics workspaces should block log ingestion and querying from public networks | 6c53d030-cc64-46f0-906d-2bc061cd1334 | Monitoring | 1.1.0 | 1x 1.1.0 | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA | unknown |
| Managed disks should disable public network access | 8405fdab-1faf-48aa-b702-999c9c172094 | Compute | 2.1.0 | 2x 2.1.0, 2.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Public network access on Azure Data Factory should be disabled | 1cf164be-6819-4a50-b8fa-4bcaa4f98fb6 | Data Factory | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Public network access on Azure IoT Hub should be disabled | 2d6830fb-07eb-48e7-8c4d-2a442b35f0fb | Internet of Things | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Public network access on Azure SQL Database should be disabled | 1b8ca024-1d5c-4dec-8995-b1a932b41780 | SQL | 1.1.0 | 1x 1.1.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Public network access should be disabled for Batch accounts | 74c5a0ae-5e48-4738-b093-65e23a060488 | Batch | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Public network access should be disabled for Container registries | 0fdf0491-d080-4575-b627-ad0e843cba0f | Container Registry | 1.0.0 | 1x 1.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Public network access should be disabled for MariaDB servers | fdccbe47-f3e3-4213-ad5d-ea459b2fa077 | SQL | 2.0.0 | 1x 2.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Public network access should be disabled for MySQL flexible servers | c9299215-ae47-4f50-9c54-8a392f68a052 | SQL | 2.3.0 | 3x 2.3.0, 2.2.0, 2.1.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Public network access should be disabled for MySQL servers | d9844e8a-1437-4aeb-a32c-0c992f056095 | SQL | 2.0.0 | 1x 2.0.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Public network access should be disabled for PostgreSQL flexible servers | 5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 | SQL | 3.1.0 | 2x 3.1.0, 3.0.1 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
| Public network access should be disabled for PostgreSQL servers | b52376f7-9612-48a1-81cd-1ffe4b61032c | SQL | 2.0.1 | 1x 2.0.1 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Service Bus Namespaces should disable public network access | cbd11fd3-3002-4907-b6c8-579f0e700e13 | Service Bus | 1.1.0 | 1x 1.1.0 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | true |
| Storage accounts should disable public network access | b2982f36-99f2-4db5-8eff-283140c09693 | Storage | 1.0.1 | 1x 1.0.1 | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | unknown |
JSON compare
version left: 4.2.0 4.1.0 4.0.0 3.0.0 2.0.0 1.0.0
version right: 4.3.0 4.2.0 4.1.0 4.0.0 3.0.0 2.0.0 1.0.0
@@ -1,12 +1,12 @@
1
{
2
"displayName": "Audit Public Network Access",
3
"description": "Audit Azure resources that allow access from the public internet",
4
"metadata": {
5
-
"version": "4.2.0",
6
"category": "SDN"
7
},
8
-
"version": "4.2.0",
9
"parameters": {
10
"Effect-Microsoft.AppConfiguration-configurationStores": {
11
"type": "String",
12
"metadata": {
@@ -360,17 +360,18 @@
360
},
361
"Effect-Microsoft.Media-mediaServices": {
362
"type": "String",
363
"metadata": {
364
-
"displayName": "Microsoft.Media/mediaservices Effect",
365
-
"description": "Set an effect for this resource type"
366
},
367
"allowedValues": [
368
"Audit",
369
"Deny",
370
"Disabled"
371
],
372
-
"defaultValue": "Audit"
373
},
374
"Effect-Microsoft.OperationalInsights-LogAnalytics": {
375
"type": "String",
376
"metadata": {
@@ -727,18 +728,8 @@
727
}
728
}
729
},
730
{
731
-
"policyDefinitionReferenceId": "AuditPublicNetworkAccessForMicrosoftMediaServices",
732
-
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8bfe3603-0888-404a-87ff-5c1b6b4cc5e3",
733
-
"definitionVersion": "1.*.*",
734
-
"parameters": {
735
-
"effect": {
736
-
"value": "[parameters('Effect-Microsoft.Media-mediaServices')]"
737
-
}
738
-
}
739
-
},
740
-
{
741
"policyDefinitionReferenceId": "AuditPublicNetworkAccessForAzureMonitorPrivateLinkScopes",
742
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a499fed8-bcc8-4195-b154-641f14743757",
743
"definitionVersion": "1.*.*",
744
"parameters": {
@@ -828,8 +819,9 @@
828
}
829
}
830
],
831
"versions": [
832
"4.2.0",
833
"4.1.0"
834
]
835
}
1
{
2
"displayName": "Audit Public Network Access",
3
"description": "Audit Azure resources that allow access from the public internet",
4
"metadata": {
5
+
"version": "4.3 .0",
6
"category": "SDN"
7
},
8
+
"version": "4.3 .0",
9
"parameters": {
10
"Effect-Microsoft.AppConfiguration-configurationStores": {
11
"type": "String",
12
"metadata": {
360
},
361
"Effect-Microsoft.Media-mediaServices": {
362
"type": "String",
363
"metadata": {
364
+
"displayName": "[Deprecated]: Microsoft.Media/mediaservices Effect",
365
+
"description": "Set an effect for this resource type",
366
+
"deprecated": true
367
},
368
"allowedValues": [
369
"Audit",
370
"Deny",
371
"Disabled"
372
],
373
+
"defaultValue": "Disabled "
374
},
375
"Effect-Microsoft.OperationalInsights-LogAnalytics": {
376
"type": "String",
377
"metadata": {
728
}
729
}
730
},
731
{
732
"policyDefinitionReferenceId": "AuditPublicNetworkAccessForAzureMonitorPrivateLinkScopes",
733
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a499fed8-bcc8-4195-b154-641f14743757",
734
"definitionVersion": "1.*.*",
735
"parameters": {
819
}
820
}
821
],
822
"versions": [
823
+
"4.3.0",
824
"4.2.0",
825
"4.1.0"
826
]
827
}
JSON
api-version=2023-04-01
{
  displayName: "Audit Public Network Access",
  policyType: "BuiltIn",
  description: "Audit Azure resources that allow access from the public internet",
  metadata: { version: "4.3.0", category: "SDN" },
  version: "4.3.0",
  parameters: {
    Effect-Microsoft.AppConfiguration-configurationStores: { type: "String", metadata: { displayName: "Microsoft.AppConfiguration/configurationStores Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-AppServiceEnvironment: { type: "String", metadata: { displayName: "Microsoft.Web/hostingEnvironments Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.Attestation-attestationProviders: { type: "String", metadata: { displayName: "Microsoft.Attestation/attestationProviders Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.Automation-automationAccounts: { type: "String", metadata: { displayName: "Microsoft.Automation/automationAccounts Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.Batch-batchAccounts: { type: "String", metadata: { displayName: "Microsoft.Batch/batchAccounts Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.BotService-botServices: { type: "String", metadata: { displayName: "Microsoft.BotService/botServices Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.Cache-Redis: { 4 items },
    Effect-Microsoft.CognitiveServices-accounts: { type: "String", metadata: { displayName: "[Deprecated]: Microsoft.CognitiveServices/accounts Effect", description: "Set an effect for this resource type", deprecated: true }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Disabled" },
    Effect-Microsoft.Compute-disks: { 4 items },
    Effect-Microsoft.ContainerRegistry-registries: { type: "String", metadata: { displayName: "Microsoft.ContainerRegistry/registries Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.DataFactory-factories: { type: "String", metadata: { displayName: "Microsoft.DataFactory/factories Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.DBforMariaDB-servers: { type: "String", metadata: { displayName: "Microsoft.DBforMariaDB/servers Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.DBforMySQL-flexibleServers: { type: "String", metadata: { displayName: "DBforMySQL/flexibleServers Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.DBforMySQL-servers: { 4 items },
    Effect-Microsoft.DBforPostgreSQL-flexibleServers: { type: "String", metadata: { displayName: "DBforPostgreSQL/flexibleServers Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.DBforPostgreSQL-servers: { 4 items },
    Effect-Microsoft.Databricks-workspaces: { type: "String", metadata: { displayName: "Microsoft.Databricks/workspaces Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.Devices-IotHubs: { type: "String", metadata: { displayName: "Microsoft.Devices/IotHubs Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.Devices-IotHubProvisioningService: { type: "String", metadata: { displayName: "Microsoft.Devices/provisioningServices Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.KeyVault-vaults: { type: "String", metadata: { displayName: "Microsoft.KeyVault/vaults Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.DocumentDB-databaseAccounts: { type: "String", metadata: { displayName: "Microsoft.DocumentDB/databaseAccounts Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.EventGrid-domains: { type: "String", metadata: { displayName: "Microsoft.EventGrid/domains Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.EventGrid-topics: { type: "String", metadata: { displayName: "Microsoft.EventGrid/topics Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.HybridCompute-privateLinkScopes: { type: "String", metadata: { displayName: "Microsoft.HybridCompute/privateLinkScopes Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.Insights-applicationInsights: { type: "String", metadata: { displayName: "Microsoft.Insights/components Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-AzureMonitorPrivateLinkScopes: { type: "String", metadata: { displayName: "Microsoft.Insights/privateLinkScopes Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.MachineLearningServices-workspaces: { type: "String", metadata: { displayName: "Microsoft.MachineLearningServices/workspaces Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.Media-mediaServices: { type: "String", metadata: { displayName: "[Deprecated]: Microsoft.Media/mediaservices Effect", description: "Set an effect for this resource type", deprecated: true }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Disabled" },
    Effect-Microsoft.OperationalInsights-LogAnalytics: { type: "String", metadata: { displayName: "Microsoft.OperationalInsights/workspaces Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.Search-searchServices: { type: "String", metadata: { displayName: "Microsoft.Search/searchServices Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.ServiceBus-namespaces: { type: "String", metadata: { displayName: "Microsoft.Storage/namespaces Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.SignalRService-SignalR: { type: "String", metadata: { displayName: "Microsoft.SignalRService/webPubSub Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.SignalRService-webPubSub: { type: "String", metadata: { displayName: "Microsoft.SignalRService/webPubSub Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.SQL-servers: { 4 items },
    Effect-Microsoft.Storage-storageAccounts: { type: "String", metadata: { displayName: "Microsoft.Storage/storageAccounts Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" },
    Effect-Microsoft.Synapse-workspaces: { type: "String", metadata: { displayName: "Microsoft.Synapse/workspaces Effect", description: "Set an effect for this resource type" }, allowedValues: [ "Audit", "Deny", "Disabled" ], defaultValue: "Audit" }
  },
  policyDefinitions: [ 34 items, each shown collapsed as { 4 items } ],
  versions: [ 3 items ]
}