last sync: 2024-Nov-25 18:54:24 UTC

Subnets should have a Network Security Group

Azure Landing Zones (ALZ) Policy definition

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-Subnet-Without-Nsg
Deploy policy Deny-Subnet-Without-Nsg (2.0.0) to Azure
Display name Subnets should have a Network Security Group
Id Deny-Subnet-Without-Nsg
Version 2.0.0
Category Network
Description This policy denies the creation of a subnet without a Network Security Group. NSG help to protect traffic across subnet-level.
Mode All
Type Custom Azure Landing Zones (ALZ)
Preview False
Deprecated False
Effect Default: Deny
Effect Allowed: Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (4)
Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable
Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id | Microsoft.Network | virtualNetworks/subnets | properties.networkSecurityGroup.id | True | | True
Microsoft.Network/virtualNetworks/subnets[*] | Microsoft.Network | virtualNetworks | properties.subnets[*] | True | | False
Microsoft.Network/virtualNetworks/subnets[*].name | Microsoft.Network | virtualNetworks | properties.subnets[*].name | True | | False
Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id | Microsoft.Network | virtualNetworks | properties.subnets[*].properties.networkSecurityGroup.id | True | | True
Rule resource types IF (2)
Microsoft.Network/virtualNetworks
Microsoft.Network/virtualNetworks/subnets
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State
Enforce recommended guardrails for Network and Networking services | Enforce-Guardrails-Network | Network | GA
History none
JSON compare n/a