AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

[Deprecated] RDP access from the Internet should be blocked

Azure Landing Zones (ALZ) Policy definition

Source

Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-RDP-From-Internet

Display name

[Deprecated] RDP access from the Internet should be blocked

Deny-RDP-From-Internet

Version

1.0.1-deprecated
Details on versioning

Category

Network

Description

This policy denies any network security rule that allows RDP access from Internet. This policy is superseded by https://www.azadvertizer.net/azpolicyadvertizer/Deny-MgmtPorts-From-Internet.html

Mode

All

Type

Custom Azure Landing Zones (ALZ)

Preview

False

Deprecated

True

SupersededBy

This ALZ Policy definition is superseded by Management port access from the Internet should be blocked (Deny-MgmtPorts-From-Internet) Custom Azure Landing Zones (ALZ)
More information on Azure Landing Zones deprecated Policy definitions

Effect

Default
Deny
Allowed
Audit, Deny, Disabled

RBAC role(s)

none

Rule aliases

IF (6)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Network/networkSecurityGroups/securityRules/access	Microsoft.Network	networkSecurityGroups/securityRules	properties.access	True	True
Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange	Microsoft.Network	networkSecurityGroups/securityRules	properties.destinationPortRange	True	True
Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]	Microsoft.Network	networkSecurityGroups/securityRules	properties.destinationPortRanges[*]	True	True
Microsoft.Network/networkSecurityGroups/securityRules/direction	Microsoft.Network	networkSecurityGroups/securityRules	properties.direction	True	True
Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix	Microsoft.Network	networkSecurityGroups/securityRules	properties.sourceAddressPrefix	True	True
Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]	Microsoft.Network	networkSecurityGroups/securityRules	properties.sourceAddressPrefixes[*]	True	True

Rule resource types

IF (1)
Microsoft.Network/networkSecurityGroups/securityRules

Initiatives usage

none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2023-04-17 17:17:42	change	Patch, suffix remains equal (1.0.0-deprecated > 1.0.1-deprecated) Superseded by: Management port access from the Internet should be blocked (Deny-MgmtPorts-From-Internet) Custom Azure Landing Zones (ALZ)
2023-04-06 06:17:42	change	Version remains equal, new suffix: deprecated (1.0.0 > 1.0.0-deprecated)

JSON compare

compare mode: version left: version right:

JSON

EPAC