last sync: 2024-Nov-25 18:54:24 UTC

Storage Accounts with SFTP enabled should be denied

Azure Landing Zones (ALZ) Policy definition

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-Storage-SFTP
Deploy policy Deny-Storage-SFTP (1.0.0) to Azure
Display name Storage Accounts with SFTP enabled should be denied
Id Deny-Storage-SFTP
Version 1.0.0
Details on versioning
Category Storage
Description This policy denies the creation of Storage Accounts with SFTP enabled for Blob Storage.
Mode Indexed
Type Custom Azure Landing Zones (ALZ)
Preview False
Deprecated False
Effect Default
Deny
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/isSftpEnabled Microsoft.Storage storageAccounts properties.isSftpEnabled True False
Rule resource types IF (1)
Microsoft.Storage/storageAccounts
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State
Enforce recommended guardrails for Storage Account Enforce-Guardrails-Storage Storage GA
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-06-20 20:17:42 add Deny-Storage-SFTP
JSON compare n/a
JSON
EPAC
Deploy policy Deny-Storage-SFTP (1.0.0) to Azure