| Name | Defender CSPM Storage Scanner Operator | ||||||||||||||||||||||
| Id | 8480c0f0-4509-4229-9339-7c10018cb8c4 | ||||||||||||||||||||||
| Description | Lets you enable and configure Microsoft Defender CSPM's sensitive data discovery feature on your storage accounts. Includes an ABAC condition to limit role assignments. | ||||||||||||||||||||||
| CreatedOn | 2024-02-26 16:08:39 UTC | ||||||||||||||||||||||
| UpdatedOn | 2024-04-19 22:15:36 UTC | ||||||||||||||||||||||
| History |
|
||||||||||||||||||||||
| Permissions summary | Effective control plane and data plane operations: 53 (unique operations) •action: 7 •delete: 2 •read: 40 •write: 4 Actions: 10 Resolved control plane operations from Actions: 53 Effective control plane operations: 53 •action: 7 •delete: 2 •read: 40 •write: 4 NotActions: 0 Resolved control plane operations from NotActions: 0 Effective denied control plane operations: 15742 DataActions: 0 Resolved data plane operations: 0 Effective data plane operations: 0 NotDataActions: 0 Resolved data plane operations from NotDataActions: 0 Effective denied data plane operations: 3259 |
||||||||||||||||||||||
| Actions |
|
||||||||||||||||||||||
| NotActions | n/a | ||||||||||||||||||||||
| DataActions | n/a | ||||||||||||||||||||||
| NotDataActions | n/a | ||||||||||||||||||||||
| Used in BuiltIn Policy |
none | ||||||||||||||||||||||
| JSON |
|
||||||||||||||||||||||
| Condition |
@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
2a2b9908-6ea1-4ae2-8e65-a410df84e7d1 (Storage Blob Data Reader), b8eda974-7b85-4f76-af95-65846b26df6d (Storage File Data Privileged Reader) } @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals { 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1 (Storage Blob Data Reader), b8eda974-7b85-4f76-af95-65846b26df6d (Storage File Data Privileged Reader) } |