-
Notifications
You must be signed in to change notification settings - Fork 316
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4aa873b
commit 7d583d2
Showing
2 changed files
with
45 additions
and
0 deletions.
There are no files selected for viewing
34 changes: 34 additions & 0 deletions
34
...ll Policies/Azure Policy - Enforce Explicit Proxy Configuration for Firewall Policies.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| { | ||
| "mode": "All", | ||
| "policyRule": { | ||
| "if": { | ||
| "allOf": [ | ||
| { | ||
| "field": "type", | ||
| "equals": "Microsoft.Network/firewallPolicies" | ||
| }, | ||
| { | ||
| "field": "Microsoft.Network/firewallPolicies/explicitProxy.enableExplicitProxy", | ||
| "exists": "false" | ||
| } | ||
| ] | ||
| }, | ||
| "then": { | ||
| "effect": "[parameters('effect')]" | ||
| } | ||
| }, | ||
| "parameters": { | ||
| "effect": { | ||
| "type": "String", | ||
| "metadata": { | ||
| "displayName": "Effect", | ||
| "description": "Enable or disable the execution of the policy" | ||
| }, | ||
| "allowedValues": [ | ||
| "Audit", | ||
| "Disabled" | ||
| ], | ||
| "defaultValue": "Audit" | ||
| } | ||
| } | ||
| } |
11 changes: 11 additions & 0 deletions
11
...efinitions/Policy - Enforce Explicit Proxy Configuration for Firewall Policies/README.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| Azure Policy - Enforce Explicit Proxy Configuration for Firewall Policies | ||
| This Azure Policy checks all deployed Firewall Policies (Microsoft.Network/firewallPolicies) to ensure the explicitProxy.enableExplicitProxy field is present. If it is missing, the policy flags or audits the resource based on the chosen effect. | ||
|
|
||
| How the Policy Works | ||
| Scope: Applies to all resources in scope with type Microsoft.Network/firewallPolicies. | ||
| Condition: Checks if explicitProxy.enableExplicitProxy does not exist ("exists": "false"). | ||
| Action: Depending on the policy parameter effect, Azure Policy will either audit the non-compliant resource or disable the check. | ||
| Usage Instructions | ||
| Create/Assign the Policy: In the Azure Portal or via Azure CLI, upload this policy definition and assign it to a scope (management group, subscription, or resource group). | ||
| Choose the Effect: While assigning or editing the policy, select the desired effect (Audit or Disabled). | ||
| Review Compliance: In the Azure Policy blade, review which Firewall Policies do not meet the requirement if you have set the effect to Audit. |