AzPolicyAdvertizer

last sync: 2024-Sep-19 17:51:32 UTC

Container registries should have ARM audience token authentication disabled.

Azure BuiltIn Policy definition

Source Azure Portal
Display name Container registries should have ARM audience token authentication disabled.
Id 42781ec6-6127-4c30-bdfa-fb423a0047d3
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Container Registry
Microsoft Learn
Description Disable Azure Active Directory ARM audience tokens for authentication to your registry. Only Azure Container Registry (ACR) audience tokens will be used for authentication. This will ensure only tokens meant for usage on the registry can be used for authentication. Disabling ARM audience tokens does not affect admin user's or scoped access tokens' authentication. Learn more at: https://aka.ms/acr/authentication.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.ContainerRegistry/registries/policies.azureADAuthenticationAsArmPolicy Microsoft.ContainerRegistry registries properties.policies.azureADAuthenticationAsArmPolicy True False
Microsoft.ContainerRegistry/registries/policies.azureADAuthenticationAsArmPolicy.status Microsoft.ContainerRegistry registries properties.policies.azureADAuthenticationAsArmPolicy.status True True
Rule resource types IF (1)
Microsoft.ContainerRegistry/registries
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
Enforce recommended guardrails for Container Registry Enforce-Guardrails-ContainerRegistry Container Registry GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-07-15 16:32:44 add 42781ec6-6127-4c30-bdfa-fb423a0047d3
JSON compare n/a
JSON
api-version=2021-06-01
EPAC