Azure Policy built-in definitions for Azure Active Directory Domain Services

This page is an index of Azure Policy built-in policy definitions for Azure Active Directory Domain Services. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.

The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.

Azure Active Directory Domain Services

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Azure Active Directory Domain Services managed domains should use TLS 1.2 only mode Use TLS 1.2 only mode for your managed domains. By default, Azure AD Domain Services enables the use of ciphers such as NTLM v1 and TLS v1. These ciphers may be required for some legacy applications, but are considered weak and can be disabled if you don't need them. When TLS 1.2 only mode is enabled, any client making a request that is not using TLS 1.2 will fail. Learn more at https://docs.microsoft.com/azure/active-directory-domain-services/secure-your-domain. Audit, Deny, Disabled 1.1.0

Next steps