AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Container registries should have local admin account disabled.

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Container registries should have local admin account disabled.

dc921057-6b28-4fbe-9b83-f7bec05db6c2

Version

1.0.1
Details on versioning

Versioning

Versions supported for Versioning: 1
1.0.1
Built-in Versioning [Preview]

Category

Container Registry
Microsoft Learn

Description

Disable admin account for your registry so that it is not accessible by local admin. Disabling local authentication methods like admin user, repository scoped access tokens and anonymous pull improves security by ensuring that container registries exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/acr/authentication.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Deny, Disabled

RBAC role(s)

none

Rule aliases

IF (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.ContainerRegistry/registries/adminUserEnabled	Microsoft.ContainerRegistry	registries	properties.adminUserEnabled	True		True

Rule resource types

IF (1)
Microsoft.ContainerRegistry/registries

Compliance

Not a Compliance control

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
Enforce recommended guardrails for Container Registry	Enforce-Guardrails-ContainerRegistry	Container Registry	GA	ALZ

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-02-11 18:30:22	change	Patch (1.0.0 > 1.0.1)
2021-06-15 14:05:41	add	dc921057-6b28-4fbe-9b83-f7bec05db6c2

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC