AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

Virtual network rules should be restricted for Storage Accounts

Source

Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-Storage-NetworkAclsVirtualNetworkRules

Display name

Virtual network rules should be restricted for Storage Accounts

Deny-Storage-NetworkAclsVirtualNetworkRules

Version

Category

Storage

Description

Azure Storage accounts should restrict the virtual network service-level network ACLs. Enforce this for increased data exfiltration protection.

Mode

All

Type

Custom Azure Landing Zones (ALZ)

Preview

False

Deprecated

False

Effect

Default
Deny
Allowed
Audit, Deny, Disabled

RBAC role(s)

none

Rule aliases

IF (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*]	Microsoft.Storage	storageAccounts	properties.networkAcls.virtualNetworkRules[*]	True		True

Rule resource types

IF (1)
Microsoft.Storage/storageAccounts

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State
Enforce recommended guardrails for Storage Account	Enforce-Guardrails-Storage	Storage	GA

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-06-03 17:39:43	add	Deny-Storage-NetworkAclsVirtualNetworkRules

JSON compare

n/a

JSON

EPAC