last sync: 2024-Sep-18 17:50:42 UTC

[Preview]: Control the use of AKS in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Control the use of AKS in a Virtual Enclave
Id: d300338e-65d1-4be3-b18e-fb4ce5715a8f
Version: 1.0.0-preview
Versioning: Versions supported for Versioning: 1 (1.0.0-preview)
Category: VirtualEnclaves
Description: This initiative deploys Azure policies for AKS ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
Type: BuiltIn
Deprecated: False
Preview: True
Policy count: Total Policies: 8; Builtin Policies: 8; Static Policies: 0
Policy used

| Policy DisplayName | Policy Id | Category | Effect (Default) | Effect (Allowed) | Roles# | Roles | State |
|---|---|---|---|---|---|---|---|
| Authorized IP ranges should be defined on Kubernetes Services | 0e246bcf-5f6f-4f87-bc6f-775d4712c7ea | Security Center | Audit | Audit, Disabled | 0 | | GA |
| Azure Kubernetes Clusters should enable Key Management Service (KMS) | dbbdc317-9734-4dd8-9074-993b29c69008 | Kubernetes | Audit | Audit, Disabled | 0 | | GA |
| Azure Kubernetes Service Clusters should disable Command Invoke | 89f2d532-c53c-4f8f-9afa-4927b1114a0d | Kubernetes | Audit | Audit, Disabled | 0 | | GA |
| Azure Kubernetes Service clusters should have Defender profile enabled | a1840de2-8088-4ea8-b153-b4c723e9cb01 | Kubernetes | Audit | Audit, Disabled | 0 | | GA |
| Azure Kubernetes Service Clusters should use managed identities | da6e2401-19da-4532-9141-fb8fbde08431 | Kubernetes | Audit | Audit, Disabled | 0 | | GA |
| Azure Kubernetes Service Private Clusters should be enabled | 040732e8-d947-40b8-95d6-854c95024bf8 | Kubernetes | Audit | Audit, Deny, Disabled | 0 | | GA |
| Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys | 7d7be79c-23ba-4033-84dd-45e2a5ccdd67 | Kubernetes | Audit | Audit, Deny, Disabled | 0 | | GA |
| Role-Based Access Control (RBAC) should be used on Kubernetes Services | ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 | Security Center | Audit | Audit, Disabled | 0 | | GA |
Roles used: No Roles used

History

| Date/Time (UTC ymd) | Changes |
|---|---|
| 2024-01-17 19:06:27 | add Initiative d300338e-65d1-4be3-b18e-fb4ce5715a8f |