last sync: 2024-Sep-18 17:50:24 UTC

User Defined Routes with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway' should be denied

Azure Landing Zones (ALZ) Policy definition

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-UDR-With-Specific-NextHop
Deploy policy Deny-UDR-With-Specific-NextHop (1.0.0) to Azure
Display name User Defined Routes with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway' should be denied
Id Deny-UDR-With-Specific-NextHop
Version 1.0.0
Category Network
Description This policy denies the creation of a User Defined Route with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway'.
Mode All
Type Custom Azure Landing Zones (ALZ)
Preview False
Deprecated False
Effect Default: Deny; Allowed: Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/routeTables/routes/nextHopType Microsoft.Network routeTables/routes properties.nextHopType True True
Microsoft.Network/routeTables/routes[*] Microsoft.Network routeTables properties.routes[*] True True
Microsoft.Network/routeTables/routes[*].nextHopType Microsoft.Network routeTables properties.routes[*].properties.nextHopType True True
Rule resource types IF (2)
Microsoft.Network/routeTables
Microsoft.Network/routeTables/routes
Initiatives usage none
History
Date/Time (UTC ymd) Change type Change detail
2023-06-20 20:17:42 add Deny-UDR-With-Specific-NextHop
JSON compare n/a