| Name | Defender CSPM Storage Scanner Operator | ||||||||||||||||||||||||||||
| Id | 8480c0f0-4509-4229-9339-7c10018cb8c4 | ||||||||||||||||||||||||||||
| Description | Lets you enable and configure Microsoft Defender CSPM's sensitive data discovery feature on your storage accounts. Includes an ABAC condition to limit role assignments. | ||||||||||||||||||||||||||||
| CreatedOn | 2024-02-23 11:40:48 UTC | ||||||||||||||||||||||||||||
| UpdatedOn | 2024-09-30 15:04:07 UTC | ||||||||||||||||||||||||||||
| History |
|
||||||||||||||||||||||||||||
| Permissions summary | Effective control plane and data plane operations: 56 (unique operations) •action: 7 •delete: 3 •read: 41 •write: 5 Actions: 13 Resolved control plane operations from Actions: 56 Effective control plane operations: 56 •action: 7 •delete: 3 •read: 41 •write: 5 NotActions: 0 Resolved control plane operations from NotActions: 0 Effective denied control plane operations: 16116 DataActions: 0 Resolved data plane operations: 0 Effective data plane operations: 0 NotDataActions: 0 Resolved data plane operations from NotDataActions: 0 Effective denied data plane operations: 3303 |
||||||||||||||||||||||||||||
| Actions |
|
||||||||||||||||||||||||||||
| NotActions | n/a | ||||||||||||||||||||||||||||
| DataActions | n/a | ||||||||||||||||||||||||||||
| NotDataActions | n/a | ||||||||||||||||||||||||||||
| Used in BuiltIn Policy |
none | ||||||||||||||||||||||||||||
| JSON |
|
||||||||||||||||||||||||||||
| Condition |
@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
2a2b9908-6ea1-4ae2-8e65-a410df84e7d1 (Storage Blob Data Reader), b8eda974-7b85-4f76-af95-65846b26df6d (Storage File Data Privileged Reader) } @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals { 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1 (Storage Blob Data Reader), b8eda974-7b85-4f76-af95-65846b26df6d (Storage File Data Privileged Reader) } |