AzCloudLearner-4816 asked AzCloudLearner-4816 commented

Azure Policy to deny creation of specific NSG priority rule

Hello, I am looking for some suggestions on the implementation below.

We plan to reserve some of the NSG inbound and outbound priority ranges (e.g. 100-200), and the policy should deny creating NSG rules and updating NSG rules within these ranges.

Can you please suggest whether it's possible to implement this scenario? If a script is already available for this, please share.

Thank you.

azure-virtual-network azure-policy

1 Answer

msrini-MSFT answered AzCloudLearner-4816 commented

Hi,

I can share the sample logic with you; please verify the syntax and apply it to your Azure policy:

{
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Network/networkSecurityGroups/securityRules"
      },
      {
        "anyOf": [
          {
            "allOf": [
              {
                "field": "Microsoft.Network/networkSecurityGroups/securityRules/priority",
                "greaterOrEquals": 100
              },
              {
                "field": "Microsoft.Network/networkSecurityGroups/securityRules/priority",
                "lessOrEquals": 200
              }
            ]
          }
        ]
      }
    ]
  },
  "then": {
    "effect": "deny"
  }
}


Thank you for the suggestions. I will check and share feedback on this.

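A way to check the rule's boundary behaviour locally before assigning it, as an added example that is not part of the original thread or of Azure's tooling. The evaluator is a simplified model covering only the operators this rule uses, and the helper names (`resolve`, `matches`, `effect`, `security_rule`) and sample resources are constructed for illustration.

```python
import operator

ALIAS = "Microsoft.Network/networkSecurityGroups/securityRules/priority"
RULE_TYPE = "Microsoft.Network/networkSecurityGroups/securityRules"

# The policy rule from the answer, with the reserved range 100-200.
POLICY_RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": RULE_TYPE},
        {"anyOf": [{"allOf": [
            {"field": ALIAS, "greaterOrEquals": 100},
            {"field": ALIAS, "lessOrEquals": 200},
        ]}]},
    ]},
    "then": {"effect": "deny"},
}
OPS = {"equals": operator.eq, "greaterOrEquals": operator.ge,
       "lessOrEquals": operator.le}

def resolve(resource, field):
    """Map a policy field to a value in a constructed resource dict."""
    if field == "type":
        return resource["type"]
    if field == ALIAS:
        return resource.get("properties", {}).get("priority")
    raise ValueError(f"field not modelled: {field}")

def matches(cond, resource):
    """Evaluate allOf / anyOf / single-field conditions recursively."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    op = next(k for k in cond if k != "field")
    value = resolve(resource, cond["field"])
    # Assumption of this model: a missing property never matches.
    return value is not None and OPS[op](value, cond[op])

def effect(resource, rule=POLICY_RULE):
    """Return the rule's effect when its 'if' block matches, else None."""
    return rule["then"]["effect"] if matches(rule["if"], resource) else None

def security_rule(priority):
    """Constructed sample of a child securityRules resource."""
    return {"type": RULE_TYPE, "properties": {"priority": priority}}

# Constructed sample: an NSG that carries its rules inline.
INLINE_NSG = {"type": "Microsoft.Network/networkSecurityGroups",
              "properties": {"securityRules": [{"properties": {"priority": 150}}]}}
```

`effect(INLINE_NSG)` returns `None`: an NSG deployed with inline rules is a `Microsoft.Network/networkSecurityGroups` resource, so the type condition does not match it and that path needs its own condition on the parent type.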