AzInitiativeAdvertizer

last sync: 2024-Nov-25 18:54:43 UTC

Enforce recommended guardrails for Container Registry

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source

Repository Azure Landing Zones (ALZ) GitHub
JSON Enforce-Guardrails-ContainerRegistry

Display name

Enforce recommended guardrails for Container Registry

Id

Enforce-Guardrails-ContainerRegistry

Version

1.0.0
Details on versioning

Category

Container Registry

Description

This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.

Type

Custom Azure Landing Zones (ALZ)

Deprecated

False

Preview

False

Policy count

Total Policies: 12
Builtin Policies: 12
Static Policies: 0
ALZ Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	Roles#	Roles	State	Type
Configure container registries to disable anonymous authentication.	cced2946-b08a-44fe-9fd9-e4ed8a779897	Container Registry	Default Modify Allowed Modify, Disabled	1	Contributor	GA	BuiltIn
Configure container registries to disable ARM audience token authentication.	785596ed-054f-41bc-aaec-7f3d0ba05725	Container Registry	Default Modify Allowed Modify, Disabled	1	Contributor	GA	BuiltIn
Configure container registries to disable local admin account.	79fdfe03-ffcb-4e55-b4d0-b925b8241759	Container Registry	Default Modify Allowed Modify, Disabled	1	Contributor	GA	BuiltIn
Configure Container registries to disable public network access	a3701552-92ea-433e-9d17-33b7f1208fc9	Container Registry	Default Modify Allowed Modify, Disabled	1	Contributor	GA	BuiltIn
Configure container registries to disable repository scoped access token.	a9b426fe-8856-4945-8600-18c5dd1cca2a	Container Registry	Default Modify Allowed Modify, Disabled	1	Contributor	GA	BuiltIn
Container registries should have anonymous authentication disabled.	9f2dea28-e834-476c-99c5-3507b4728395	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA	BuiltIn
Container registries should have ARM audience token authentication disabled.	42781ec6-6127-4c30-bdfa-fb423a0047d3	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA	BuiltIn
Container registries should have exports disabled	524b0254-c285-4903-bee6-bb8126cde579	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA	BuiltIn
Container registries should have local admin account disabled.	dc921057-6b28-4fbe-9b83-f7bec05db6c2	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA	BuiltIn
Container registries should have repository scoped access token disabled.	ff05e24e-195c-447e-b322-5e90c9f9f366	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA	BuiltIn
Container registries should have SKUs that support Private Links	bd560fc0-3c69-498a-ae9f-aa8eb7de0e13	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA	BuiltIn
Container registries should not allow unrestricted network access	d0793b48-0edc-4296-a390-4c75d1bdfd71	Container Registry	Default Audit Allowed Audit, Deny, Disabled	0		GA	BuiltIn

Roles used

Total Roles usage: 5
Total Roles unique usage: 1

Role	Role Id	Policies count	Policies
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c	5	Configure container registries to disable anonymous authentication., Configure container registries to disable ARM audience token authentication., Configure container registries to disable local admin account., Configure Container registries to disable public network access, Configure container registries to disable repository scoped access token.

History

none

JSON compare

n/a

JSON

EPAC