Built-in Policy Release 433ccfba (#1341)
Co-authored-by: Azure Policy Bot <azgovpolicy@microsoft.com>
gokmen-msft and Azure Policy Bot authored Jul 3, 2024
1 parent 424da61 commit 5158357
Showing 5 changed files with 158 additions and 6 deletions.
@@ -0,0 +1,50 @@
{
"properties": {
"displayName": "Azure Managed Grafana workspaces should disable email settings",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Disables SMTP settings configuration of email contact point for alerting in Grafana workspace.",
"metadata": {
"version": "1.0.0",
"category": "Managed Grafana"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Dashboard/grafana"
},
{
"field": "Microsoft.Dashboard/grafana/grafanaConfigurations.smtp.enabled",
"equals": "true"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/b6752a42-6fc3-46cb-8a15-33aa109407b1",
"name": "b6752a42-6fc3-46cb-8a15-33aa109407b1"
}
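Review bot: The `description` says the policy "Disables SMTP settings configuration", but the rule only matches workspaces where `grafanaConfigurations.smtp.enabled` equals `true` and applies the selected effect, which defaults to `Audit`; nothing in the definition changes the workspace. An operator reading the description may assume the setting is enforced once the policy is assigned, when it is only reported unless the assignment sets `effect` to `Deny`. I would word it as `"description": "Audit or deny Azure Managed Grafana workspaces that have SMTP settings enabled for the email alerting contact point."`. The same wording issue appears in the two other new definitions in this commit (Grafana Enterprise upgrade and service account).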
@@ -0,0 +1,50 @@
{
"properties": {
"displayName": "Azure Managed Grafana workspaces should disable Grafana Enterprise upgrade",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Disables Grafana Enterprise upgrade in Grafana workspace.",
"metadata": {
"version": "1.0.0",
"category": "Managed Grafana"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Dashboard/grafana"
},
{
"field": "Microsoft.Dashboard/grafana/enterpriseConfigurations",
"notEquals": "null"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/a08f2347-fe9c-482b-a944-f6a0e05124c0",
"name": "a08f2347-fe9c-482b-a944-f6a0e05124c0"
}
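Review bot: The second condition compares `Microsoft.Dashboard/grafana/enterpriseConfigurations` against the string `"null"` with `notEquals`, which is not the usual way to test for a property's presence in a policy rule. If the engine treats `"null"` as an ordinary string, a workspace without the property also differs from it and every workspace would be reported as non-compliant; whether the value is special-cased cannot be told from this page. The `exists` condition states the intent directly: `"exists": "true"`. Either way, a compliance scan against a workspace with no enterprise configuration would confirm the rule does not over-match.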
@@ -1,14 +1,14 @@
{
"properties": {
"displayName": "Azure Managed Grafana should use private link",
"displayName": "Azure Managed Grafana workspaces should use private link",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Managed Grafana, you can reduce data leakage risks.",
"metadata": {
"version": "1.0.0",
"version": "1.0.1",
"category": "Managed Grafana"
},
"version": "1.0.0",
"version": "1.0.1",
"parameters": {
"effect": {
"type": "String",
@@ -47,6 +47,7 @@
}
},
"versions": [
"1.0.1",
"1.0.0"
]
},
@@ -1,14 +1,14 @@
{
"properties": {
"displayName": "Configure Azure Managed Grafana dashboards with private endpoints",
"displayName": "Configure Azure Managed Grafana workspaces with private endpoints",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Private endpoints connect your virtual networks to Azure services without a public IP address at the source or destination. By mapping private endpoints to Azure Managed Grafana, you can reduce data leakage risks.",
"metadata": {
"version": "1.0.0",
"version": "1.0.1",
"category": "Managed Grafana"
},
"version": "1.0.0",
"version": "1.0.1",
"parameters": {
"privateEndpointSubnetId": {
"type": "String",
@@ -154,6 +154,7 @@
}
},
"versions": [
"1.0.1",
"1.0.0"
]
},
@@ -0,0 +1,50 @@
{
"properties": {
"displayName": "Azure Managed Grafana workspaces should disable service account",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Disables API keys and service account for automated workloads in Grafana workspace.",
"metadata": {
"version": "1.0.0",
"category": "Managed Grafana"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Dashboard/grafana"
},
{
"field": "Microsoft.Dashboard/grafana/apiKey",
"notEquals": "Disabled"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/0656cf40-485c-427b-b992-703a4ecf4f88",
"name": "0656cf40-485c-427b-b992-703a4ecf4f88"
}
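Review bot: The `notEquals` check on `Microsoft.Dashboard/grafana/apiKey` matches any value other than `Disabled`, which, as far as I can tell from how missing fields are evaluated, includes a request that omits the property altogether; the SMTP rule in this commit, by contrast, matches only an explicit `true`. With `effect` set to `Deny`, that would reject templates that leave `apiKey` out even if the service default is disabled. Failing closed is a reasonable choice for a credential control, but the description should say so, for example by adding `Under Deny, deployments must set apiKey to Disabled explicitly.`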
