last sync: 2024-Sep-19 17:51:32 UTC

File Services with insecure Kerberos ticket encryption should be denied

Azure Landing Zones (ALZ) Policy definition

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-FileServices-InsecureKerberos
Display name File Services with insecure Kerberos ticket encryption should be denied
Id Deny-FileServices-InsecureKerberos
Version 1.0.0
Category Storage
Description This policy denies the use of insecure Kerberos ticket encryption (RC4-HMAC) when using File Services on a storage account.
Mode All
Type Custom Azure Landing Zones (ALZ)
Preview False
Deprecated False
Effect Default: Deny; Allowed: Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.kerberosTicketEncryption Microsoft.Storage storageAccounts/fileServices properties.protocolSettings.smb.kerberosTicketEncryption True True
Rule resource types IF (1)
Microsoft.Storage/storageAccounts/fileServices
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-06-20 20:17:42 add Deny-FileServices-InsecureKerberos