last sync: 2024-Nov-25 18:54:43 UTC

[Preview]: Control the use of Storage Accounts in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Control the use of Storage Accounts in a Virtual Enclave
Id: ca122c06-05f6-4423-9018-ccb523168eb2
Version: 1.1.0-preview
Versions supported for versioning: 2 (1.0.0-preview, 1.1.0-preview)
Category: VirtualEnclaves
Description: This initiative deploys Azure policies for Storage Accounts ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
Type: BuiltIn
Deprecated: False
Preview: True
Policy count: Total Policies: 11; Builtin Policies: 11; Static Policies: 0

Policy used
| Policy DisplayName | Policy Id | Category | Effect (Default) | Effect (Allowed) | Roles# | Roles | State |
|---|---|---|---|---|---|---|---|
| Configure Storage Accounts to restrict network access through network ACL bypass configuration only. | 41a72361-06e3-4e80-832a-690bd0708bc1 | VirtualEnclaves | Modify | Modify, Disabled | 1 | Storage Account Contributor | GA |
| Configure your Storage account public access to be disallowed | 13502221-8df0-4414-9937-de9c5c4e396b | Storage | Modify | Modify, Disabled | 1 | Storage Account Contributor | GA |
| Microsoft Defender for Storage should be enabled | 640d2586-54d2-465f-877f-9ffc1d2109f4 | Security Center | AuditIfNotExists | AuditIfNotExists, Disabled | 0 | | GA |
| Queue Storage should use customer-managed key for encryption | f0e5abd0-2554-4736-b7c0-4ffef23475ef | Storage | Audit | Audit, Deny, Disabled | 0 | | GA |
| Secure transfer to storage accounts should be enabled | 404c3081-a854-4457-ae30-26a93ef643f9 | Storage | Audit | Audit, Deny, Disabled | 0 | | GA |
| Storage account encryption scopes should use customer-managed keys to encrypt data at rest | b5ec538c-daa0-4006-8596-35468b9148e8 | Storage | Audit | Audit, Deny, Disabled | 0 | | GA |
| Storage accounts should have the specified minimum TLS version | fe83a0eb-a853-422d-aac2-1bffd182c5d0 | Storage | Audit | Audit, Deny, Disabled | 0 | | GA |
| Storage Accounts should restrict network access through network ACL bypass configuration only. | 7809fda1-ba27-48c1-9c63-1f5aee46ba89 | VirtualEnclaves | Audit | Audit, Deny, Disabled | 0 | | GA |
| Storage accounts should use customer-managed key for encryption | 6fac406b-40ca-413b-bf8e-0bf964659c25 | Storage | Audit | Audit, Disabled | 0 | | GA |
| Storage accounts should use private link | 6edd7eda-6dd8-40f7-810d-67160c639cd9 | Storage | AuditIfNotExists | AuditIfNotExists, Disabled | 0 | | GA |
| Table Storage should use customer-managed key for encryption | 7c322315-e26d-4174-a99e-f49d351b4688 | Storage | Audit | Audit, Deny, Disabled | 0 | | GA |

Roles used
Total Roles usage: 2
Total Roles unique usage: 1

| Role | Role Id | Policies count | Policies |
|---|---|---|---|
| Storage Account Contributor | 17d1049b-9a84-46fb-8f53-869881c3d3ab | 2 | Configure Storage Accounts to restrict network access through network ACL bypass configuration only., Configure your Storage account public access to be disallowed |