AzInitiativeAdvertizer

last sync: 2024-Nov-25 18:54:43 UTC

[Preview]: Control the use of CosmosDB in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display name[Preview]: Control the use of CosmosDB in a Virtual Enclave
Id6bd484ca-ae8d-46cf-9b33-e1feef84bfba
Version1.0.0-preview
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0-preview
Built-in Versioning [Preview]
CategoryVirtualEnclaves
Microsoft Learn
DescriptionThis initiative deploys Azure policies for CosmosDB ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
TypeBuiltIn
DeprecatedFalse
PreviewTrue
Policy count Total Policies: 8
Builtin Policies: 8
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State
Azure Cosmos DB accounts should not exceed the maximum number of days allowed since last account key regeneration. 9d83ccb1-f313-46ce-9d39-a198bfdb51a0 Cosmos DB Default
Audit
Allowed
Audit, Disabled		 0 GA
Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest 1f905d99-2ab7-462c-a6b0-f709acca6c8f Cosmos DB Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Azure Cosmos DB should disable public network access 797b37f7-06b8-444c-b1ad-fc62867f335a Cosmos DB Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Configure Cosmos DB database accounts to disable local authentication dc2d41d1-4ab1-4666-a3e1-3d51c43e0049 Cosmos DB Default
Modify
Allowed
Modify, Disabled		 1 DocumentDB Account Contributor GA
Configure CosmosDB accounts to disable public network access da69ba51-aaf1-41e5-8651-607cd0b37088 Cosmos DB Default
Modify
Allowed
Modify, Disabled		 2 Contributor, DocumentDB Account Contributor GA
Cosmos DB database accounts should have local authentication methods disabled 5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
CosmosDB accounts should use private link 58440f8a-10c5-4151-bdce-dfbaad4a20b7 Cosmos DB Default
Audit
Allowed
Audit, Disabled		 0 GA
Deploy Advanced Threat Protection for Cosmos DB Accounts b5f04e03-92a3-4b09-9410-2cc5e5047656 Cosmos DB Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA
Roles used Total Roles usage: 4
Total Roles unique usage: 3
Role Role Id Policies count Policies
Security Admin fb1c8493-542b-48eb-b624-b4c8fea62acd 1 Deploy Advanced Threat Protection for Cosmos DB Accounts
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 1 Configure CosmosDB accounts to disable public network access
DocumentDB Account Contributor 5bd9cd88-fe45-4216-938b-f97437e15450 2 Configure Cosmos DB database accounts to disable local authentication, Configure CosmosDB accounts to disable public network access
History
Date/Time (UTC ymd) (i) Changes
2024-01-17 19:06:27 add Initiative 6bd484ca-ae8d-46cf-9b33-e1feef84bfba
JSON compare n/a
JSON
api-version=2021-06-01
EPAC