last sync: 2024-Nov-25 18:54:24 UTC

Storage Accounts with custom domains assigned should be denied

Azure Landing Zones (ALZ) Policy definition

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-StorageAccount-CustomDomain
Deploy policy Deny-StorageAccount-CustomDomain (1.0.0) to Azure
Display name Storage Accounts with custom domains assigned should be denied
Id Deny-StorageAccount-CustomDomain
Version 1.0.0
Details on versioning
Category Storage
Description This policy denies the creation of Storage Accounts with custom domains assigned as communication cannot be encrypted, and always uses HTTP.
Mode All
Type Custom Azure Landing Zones (ALZ)
Preview False
Deprecated False
Effect Default
Deny
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/customDomain Microsoft.Storage storageAccounts properties.customDomain True False
Microsoft.Storage/storageAccounts/customDomain.useSubDomainName Microsoft.Storage storageAccounts properties.customDomain.useSubDomainName True False
Rule resource types IF (1)
Microsoft.Storage/storageAccounts
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-06-20 20:17:42 add Deny-StorageAccount-CustomDomain
JSON compare n/a
JSON
EPAC
Deploy policy Deny-StorageAccount-CustomDomain (1.0.0) to Azure