question

RichardMisiak-4422 avatar image
0 Votes"
RichardMisiak-4422 asked SwathiDhanwada-MSFT answered

Policy to prevent creation of app services without authentication

I wish to create a policy that will prevent the creation of app services without authentication enabled (just auditing them is not enough).

The following policy can correctly identify existing resources that do not have authentication enabled:

 {
   "mode": "All",
   "policyRule": {
     "if": {
       "allOf": [
         {
           "field": "Microsoft.Web/sites/config/siteAuthEnabled",
           "equals": "false"
         }
       ]
     },
     "then": {
       "effect": "deny"
     }
   }
 }

however it does not prevent them being created in the first place (either via ARM template or through the portal).

I suspect this is because the Microsoft.Web/sites/config resource isn't being explicitly created.

Does anyone know if this is possible?

azure-policy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SwathiDhanwada-MSFT avatar image
0 Votes"
SwathiDhanwada-MSFT answered

@RichardMisiak-4422 Welcome to Microsoft Q & A Community Platform. Apologies for late response. Seems Azure Policy doesn't support auditing the authentication as per this Github thread and this is documented in known issues of Azure Policy.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.