last sync: 2024-Sep-18 17:50:24 UTC

App Service certificates must be stored in Key Vault

Azure Landing Zones (ALZ) Policy definition

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-AppService-without-BYOC
Display name App Service certificates must be stored in Key Vault
Id Deny-AppService-without-BYOC
Version 1.0.0
Category App Service
Description App Service (including Logic apps and Function apps) must use certificates stored in Key Vault
Mode All
Type Custom Azure Landing Zones (ALZ)
Preview False
Deprecated False
Effect Default: Audit; Allowed: Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable
Microsoft.Web/certificates/keyVaultId | Microsoft.Web | certificates | properties.keyVaultId | True | | False
Microsoft.Web/certificates/keyVaultSecretName | Microsoft.Web | certificates | properties.keyVaultSecretName | True | | False
Rule resource types IF (1)
Microsoft.Web/certificates
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State
Enforce recommended guardrails for App Service | Enforce-Guardrails-AppServices | App Service | GA
History
Date/Time (UTC ymd) | Change type | Change detail
2024-06-03 17:39:43 | add | Deny-AppService-without-BYOC