Create policy exemptions for Defender for Cloud recommendations #96

Open
1 of 5 tasks
SvenAelterman opened this issue Jul 31, 2024 · 0 comments
Labels
  • enhancement: New feature or request
  • in-progress: Work on this issue is in progress; assignee required
  • low priority: A low priority issue will likely not be addressed until other issues are resolved

Collaborator

SvenAelterman commented Jul 31, 2024

https://learn.microsoft.com/en-us/azure/templates/microsoft.authorization/policyexemptions?pivots=deployment-language-bicep

Considerations

  • Multiple different policy initiative assignments from multiple regulatory frameworks can be in scope.
  • Not all compliance initiatives use the same policy definitions and even when they do, the policy reference IDs might be different.

Create exemptions for:

  • Imaging storage account: vnet rules, private link, access key

  • Spoke private storage account

    • Allow using access key (must be enabled for ADF to target Azure Files)
    • Do not require service endpoint (private endpoints used)
  • Airlock storage account (hub or spoke)

    • Allow using access key (must be enabled for ADF to target Azure Files)
    • Do not require service endpoint (private endpoints used)

SvenAelterman added the enhancement and low priority labels Jul 31, 2024
SvenAelterman added the in-progress label Aug 9, 2024
SvenAelterman self-assigned this Aug 9, 2024
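
An added example, not code from this repository or from the issue author: one way to express the considerations above in Bicep is to create one exemption per in-scope initiative assignment and pass the policy definition reference IDs in per assignment, since they can differ between initiatives. All parameter names, entry names and the angle-bracket values are hypothetical placeholders; the API versions are assumptions about what the deployment targets.

```bicep
// Added example. Parameter names and placeholder values are hypothetical.
targetScope = 'resourceGroup'

@description('Existing storage account to exempt, for example the airlock storage account.')
param storageAccountName string

@description('One entry per initiative assignment and exemption category. Reference IDs must be looked up in each initiative; they are not assumed to match across frameworks.')
param exemptionEntries array = [
  {
    name: 'frameworkA-private-endpoints' // constructed label
    policyAssignmentId: '<resource-id-of-framework-A-assignment>'
    policyDefinitionReferenceIds: [ '<framework-A-reference-id-for-service-endpoint-policy>' ]
    category: 'Mitigated' // intent met another way: private endpoints are used
    reason: 'Private endpoints are used instead of service endpoints.'
  }
  {
    name: 'frameworkA-access-key'
    policyAssignmentId: '<resource-id-of-framework-A-assignment>'
    policyDefinitionReferenceIds: [ '<framework-A-reference-id-for-access-key-policy>' ]
    category: 'Waiver' // non-compliance accepted: the key must stay enabled
    reason: 'Access key must be enabled for ADF to target Azure Files.'
  }
  {
    name: 'frameworkB-access-key'
    policyAssignmentId: '<resource-id-of-framework-B-assignment>'
    // Same underlying policy may carry a different reference ID in this initiative.
    policyDefinitionReferenceIds: [ '<framework-B-reference-id-for-access-key-policy>' ]
    category: 'Waiver'
    reason: 'Access key must be enabled for ADF to target Azure Files.'
  }
]

resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing = {
  name: storageAccountName
}

// Scope each exemption to the single storage account, not the resource group,
// so every other resource stays evaluated by the assignment.
resource exemptions 'Microsoft.Authorization/policyExemptions@2022-07-01-preview' = [for entry in exemptionEntries: {
  name: '${storageAccountName}-${entry.name}'
  scope: storageAccount
  properties: {
    displayName: '${storageAccountName}: ${entry.name}'
    description: entry.reason
    exemptionCategory: entry.category
    policyAssignmentId: entry.policyAssignmentId
    policyDefinitionReferenceIds: entry.policyDefinitionReferenceIds
  }
}]
```

Listing `policyDefinitionReferenceIds` explicitly keeps the exemption limited to the named policies; omitting the property exempts the resource from every policy in that assignment.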