AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Container registries should have repository scoped access token disabled.

Azure BuiltIn Policy definition

Source Azure Portal
Display name Container registries should have repository scoped access token disabled.
Id ff05e24e-195c-447e-b322-5e90c9f9f366
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Container Registry
Microsoft Learn
Description Disable repository scoped access tokens for your registry so that repositories are not accessible by tokens. Disabling local authentication methods like admin user, repository scoped access tokens and anonymous pull improves security by ensuring that container registries exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/acr/authentication.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.ContainerRegistry/registries/tokens/status Microsoft.ContainerRegistry registries/tokens properties.status True True
Rule resource types IF (1)
Microsoft.ContainerRegistry/registries/tokens
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
Enforce recommended guardrails for Container Registry Enforce-Guardrails-ContainerRegistry Container Registry GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-02-11 18:30:22 add ff05e24e-195c-447e-b322-5e90c9f9f366
JSON compare n/a
JSON
api-version=2021-06-01
EPAC