-
Notifications
You must be signed in to change notification settings - Fork 984
/
Copy pathEnforce-Guardrails-DataExplorer.json
101 lines (101 loc) · 3.61 KB
/
Enforce-Guardrails-DataExplorer.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
{
"name": "Enforce-Guardrails-DataExplorer",
"type": "Microsoft.Authorization/policySetDefinitions",
"apiVersion": "2021-06-01",
"scope": null,
"properties": {
"policyType": "Custom",
"displayName": "Enforce recommended guardrails for Data Explorer",
"description": "This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.",
"metadata": {
"version": "1.0.0",
"category": "Azure Data Explorer",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
"AzureCloud",
"AzureChinaCloud",
"AzureUSGovernment"
]
},
"parameters": {
"adxEncryption": {
"type": "string",
"defaultValue": "Deny",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
]
},
"adxDoubleEncryption": {
"type": "string",
"defaultValue": "Deny",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
]
},
"adxSku": {
"type": "string",
"defaultValue": "Deny",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
]
},
"adxModifyPublicNetworkAccess": {
"type": "string",
"defaultValue": "Modify",
"allowedValues": [
"Modify",
"Disabled"
]
}
},
"policyDefinitions": [
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b",
"policyDefinitionReferenceId": "Deny-ADX-Sku-without-PL-Support",
"groupNames": [],
"parameters": {
"effect": {
"value": "[[parameters('adxSku')]"
}
}
},
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1",
"policyDefinitionReferenceId": "Deny-ADX-Double-Encryption",
"groupNames": [],
"parameters": {
"effect": {
"value": "[[parameters('adxDoubleEncryption')]"
}
}
},
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e",
"policyDefinitionReferenceId": "Deny-ADX-Encryption",
"groupNames": [],
"parameters": {
"effect": {
"value": "[[parameters('adxEncryption')]"
}
}
},
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa",
"policyDefinitionReferenceId": "Modify-ADX-Public-Network-Access",
"groupNames": [],
"parameters": {
"effect": {
"value": "[[parameters('adxModifyPublicNetworkAccess')]"
}
}
}
],
"policyDefinitionGroups": null
}
}