Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Built-in Policy Release 433ccfba #1341

Merged
merged 1 commit into from
Jul 3, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
{
"properties": {
"displayName": "Azure Managed Grafana workspaces should disable email settings",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Disables SMTP settings configuration of email contact point for alerting in Grafana workspace.",
"metadata": {
"version": "1.0.0",
"category": "Managed Grafana"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Dashboard/grafana"
},
{
"field": "Microsoft.Dashboard/grafana/grafanaConfigurations.smtp.enabled",
"equals": "true"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/b6752a42-6fc3-46cb-8a15-33aa109407b1",
"name": "b6752a42-6fc3-46cb-8a15-33aa109407b1"
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
{
"properties": {
"displayName": "Azure Managed Grafana workspaces should disable Grafana Enterprise upgrade",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Disables Grafana Enterprise upgrade in Grafana workspace.",
"metadata": {
"version": "1.0.0",
"category": "Managed Grafana"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Dashboard/grafana"
},
{
"field": "Microsoft.Dashboard/grafana/enterpriseConfigurations",
"notEquals": "null"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/a08f2347-fe9c-482b-a944-f6a0e05124c0",
"name": "a08f2347-fe9c-482b-a944-f6a0e05124c0"
}
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
{
"properties": {
"displayName": "Azure Managed Grafana should use private link",
"displayName": "Azure Managed Grafana workspaces should use private link",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Managed Grafana, you can reduce data leakage risks.",
"metadata": {
"version": "1.0.0",
"version": "1.0.1",
"category": "Managed Grafana"
},
"version": "1.0.0",
"version": "1.0.1",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -47,6 +47,7 @@
}
},
"versions": [
"1.0.1",
"1.0.0"
]
},
Expand Down
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
{
"properties": {
"displayName": "Configure Azure Managed Grafana dashboards with private endpoints",
"displayName": "Configure Azure Managed Grafana workspaces with private endpoints",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Private endpoints connect your virtual networks to Azure services without a public IP address at the source or destination. By mapping private endpoints to Azure Managed Grafana, you can reduce data leakage risks.",
"metadata": {
"version": "1.0.0",
"version": "1.0.1",
"category": "Managed Grafana"
},
"version": "1.0.0",
"version": "1.0.1",
"parameters": {
"privateEndpointSubnetId": {
"type": "String",
Expand Down Expand Up @@ -154,6 +154,7 @@
}
},
"versions": [
"1.0.1",
"1.0.0"
]
},
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
{
"properties": {
"displayName": "Azure Managed Grafana workspaces should disable service account",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Disables API keys and service account for automated workloads in Grafana workspace.",
"metadata": {
"version": "1.0.0",
"category": "Managed Grafana"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Dashboard/grafana"
},
{
"field": "Microsoft.Dashboard/grafana/apiKey",
"notEquals": "Disabled"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/0656cf40-485c-427b-b992-703a4ecf4f88",
"name": "0656cf40-485c-427b-b992-703a4ecf4f88"
}