last sync: 2024-Sep-18 17:50:42 UTC

Enforce recommended guardrails for API Management

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source repository: Azure Landing Zones (ALZ) GitHub
Source JSON: Enforce-Guardrails-APIM
Display name: Enforce recommended guardrails for API Management
Id: Enforce-Guardrails-APIM
Version: 1.0.0
Category: API Management
Description: This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.
Type: Custom Azure Landing Zones (ALZ)
Deprecated: False
Preview: False
Policy count:
Total Policies: 11
Builtin Policies: 10
Static Policies: 0
ALZ Policies: 1
Policy used
| Policy DisplayName | Policy Id | Category | Effect (default) | Effect (allowed) | Roles# | Roles | State | Type |
|---|---|---|---|---|---|---|---|---|
| API Management APIs should use only encrypted protocols | ee7495e7-3ba7-40b6-bfee-c29e22cc75d4 | API Management | Audit | Audit, Disabled, Deny | 0 | | GA | BuiltIn |
| API Management calls to API backends should be authenticated | c15dcc82-b93c-4dcb-9332-fbf121685b54 | API Management | Audit | Audit, Disabled, Deny | 0 | | GA | BuiltIn |
| API Management calls to API backends should not bypass certificate thumbprint or name validation | 92bb331d-ac71-416a-8c91-02f2cb734ce4 | API Management | Audit | Audit, Disabled, Deny | 0 | | GA | BuiltIn |
| API Management direct management endpoint should not be enabled | b741306c-968e-4b67-b916-5675e5c709f4 | API Management | Audit | Audit, Disabled, Deny | 0 | | GA | BuiltIn |
| API Management minimum API version should be set to 2019-12-01 or higher | 549814b6-3212-4203-bdc8-1548d342fb67 | API Management | Audit | Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| API Management secret named values should be stored in Azure Key Vault | f1cc7827-022c-473e-836e-5a51cae0b249 | API Management | Audit | Audit, Disabled, Deny | 0 | | GA | BuiltIn |
| API Management service should use a SKU that supports virtual networks | 73ef9241-5d81-4cd4-b483-8443d1730fe5 | API Management | Audit | Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| API Management services should use a virtual network | ef619a2c-cc4d-4d03-b2ba-8c94a834d85b | API Management | Audit | Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| API Management services should use TLS version 1.2 | Deny-APIM-TLS | API Management | Deny | Audit, Deny, Disabled | 0 | | GA | ALZ |
| API Management subscriptions should not be scoped to all APIs | 3aa03346-d8c5-4994-a5bc-7652c2a2aef1 | API Management | Audit | Audit, Disabled, Deny | 0 | | GA | BuiltIn |
| Configure API Management services to disable access to API Management public service configuration endpoints | 7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2 | API Management | DeployIfNotExists | DeployIfNotExists, Disabled | 1 | API Management Service Contributor | GA | BuiltIn |
Roles used
Total Roles usage: 1
Total Roles unique usage: 1
| Role | Role Id | Policies count | Policies |
|---|---|---|---|
| API Management Service Contributor | 312a565d-c81f-4fd8-895a-4e21e48d571c | 1 | Configure API Management services to disable access to API Management public service configuration endpoints |
History: none