last sync: 2024-Nov-25 18:54:24 UTC

Container registries should have exports disabled

Azure BuiltIn Policy definition

Source Azure Portal
Display name Container registries should have exports disabled
Id 524b0254-c285-4903-bee6-bb8126cde579
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Container Registry
Microsoft Learn
Description Disabling exports improves security by ensuring data in a registry is accessed solely via the dataplane ('docker pull'). Data cannot be moved out of the registry via 'acr import' or via 'acr transfer'. In order to disable exports, public network access must be disabled. Learn more at: https://aka.ms/acr/export-policy.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.ContainerRegistry/registries/policies.exportPolicy.status Microsoft.ContainerRegistry registries properties.policies.exportPolicy.status True False
Microsoft.ContainerRegistry/registries/publicNetworkAccess Microsoft.ContainerRegistry registries properties.publicNetworkAccess True True
Rule resource types IF (1)
Microsoft.ContainerRegistry/registries
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
Enforce recommended guardrails for Container Registry Enforce-Guardrails-ContainerRegistry Container Registry GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-08-09 19:32:42 add 524b0254-c285-4903-bee6-bb8126cde579
JSON compare n/a
JSON
api-version=2021-06-01
EPAC