last sync: 2024-Nov-25 18:54:43 UTC

Enforce recommended guardrails for Cosmos DB

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository: Azure Landing Zones (ALZ) GitHub
JSON: Enforce-Guardrails-CosmosDb
Display name: Enforce recommended guardrails for Cosmos DB
Id: Enforce-Guardrails-CosmosDb
Version: 1.0.0
Category: Cosmos DB
Description: This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.
Type: Custom Azure Landing Zones (ALZ)
Deprecated: False
Preview: False
Policy count: Total Policies: 6, Builtin Policies: 6, Static Policies: 0, ALZ Policies: 0
Policy used
| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State | Type |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Azure Cosmos DB accounts should have firewall rules | 862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb | Cosmos DB | Default: Deny; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Cosmos DB key based metadata write access should be disabled | 4750c32b-89c0-46af-bfcb-2e4541a818d5 | Cosmos DB | Fixed: append | 0 | | GA | BuiltIn |
| Configure Cosmos DB database accounts to disable local authentication | dc2d41d1-4ab1-4666-a3e1-3d51c43e0049 | Cosmos DB | Default: Modify; Allowed: Modify, Disabled | 1 | DocumentDB Account Contributor | GA | BuiltIn |
| Configure CosmosDB accounts to disable public network access | da69ba51-aaf1-41e5-8651-607cd0b37088 | Cosmos DB | Default: Modify; Allowed: Modify, Disabled | 2 | Contributor, DocumentDB Account Contributor | GA | BuiltIn |
| Cosmos DB database accounts should have local authentication methods disabled | 5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 | Cosmos DB | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Deploy Advanced Threat Protection for Cosmos DB Accounts | b5f04e03-92a3-4b09-9410-2cc5e5047656 | Cosmos DB | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |
Roles used
History: none
JSON compare: n/a