AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

[Deprecated]: RDP access from the Internet should be blocked

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Deprecated]: RDP access from the Internet should be blocked

e372f825-a257-4fb8-9175-797a8a8627d6

Version

2.0.0-deprecated
Details on versioning

Versioning

Versions supported for Versioning: 1
2.0.0 (2.0.0-deprecated)
Built-in Versioning [Preview]

Category

Network
Microsoft Learn

Description

This policy is deprecated. This policy audits any network security rule that allows RDP access from Internet

Mode

All

Type

BuiltIn

Preview

False

Deprecated

True

Effect

Default
Audit
Allowed
Audit, Disabled

RBAC role(s)

none

Rule aliases

IF (6)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Network/networkSecurityGroups/securityRules/access	Microsoft.Network	networkSecurityGroups/securityRules	properties.access	True	True
Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange	Microsoft.Network	networkSecurityGroups/securityRules	properties.destinationPortRange	True	True
Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]	Microsoft.Network	networkSecurityGroups/securityRules	properties.destinationPortRanges[*]	True	True
Microsoft.Network/networkSecurityGroups/securityRules/direction	Microsoft.Network	networkSecurityGroups/securityRules	properties.direction	True	True
Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix	Microsoft.Network	networkSecurityGroups/securityRules	properties.sourceAddressPrefix	True	True
Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]	Microsoft.Network	networkSecurityGroups/securityRules	properties.sourceAddressPrefixes[*]	True	True

Rule resource types

IF (1)
Microsoft.Network/networkSecurityGroups/securityRules

Compliance

The following 1 compliance controls are associated with this Policy definition '[Deprecated]: RDP access from the Internet should be blocked' (e372f825-a257-4fb8-9175-797a8a8627d6)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
Azure_Security_Benchmark_v2.0	NS-4	Azure_Security_Benchmark_v2.0_NS-4	Azure Security Benchmark NS-4	Network Security	Protect applications and services from external network attacks	Customer	Protect Azure resources against attacks from external networks, including distributed denial of service (DDoS) Attacks, application specific attacks, and unsolicited and potentially malicious internet traffic. Azure includes native capabilities for this: - Use Azure Firewall to protect applications and services against potentially malicious traffic from the internet and other external locations. - Use Web Application Firewall (WAF) capabilities in Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network (CDN) to protect your applications, services, and APIs against application layer attacks. - Protect your assets against DDoS attacks by enabling DDoS protection on your Azure virtual networks. - Use Azure Security Center to detect misconfiguration risks related to the above. Azure Firewall Documentation: https://docs.microsoft.com/azure/firewall/ How to deploy Azure WAF: https://docs.microsoft.com/azure/web-application-firewall/overview Manage Azure DDoS Protection using the Azure portal: https://docs.microsoft.com/azure/virtual-network/manage-ddos-protection	n/a	link	14

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Deprecated]: Azure Security Benchmark v2	bb522ac1-bc39-4957-b194-429bcd3bcb0b	Regulatory Compliance	Deprecated	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-09-27 15:52:17	change	Version remains equal, new suffix: deprecated (2.0.0 > 2.0.0-deprecated)
2020-01-29 21:53:30	add	e372f825-a257-4fb8-9175-797a8a8627d6

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC