Forum Discussion

AshishGupta1's avatar
AshishGupta1
Copper Contributor
Jul 13, 2023
Solved

Azure Policy, type Static

I am going through the Azure Policy documentation, while I understand all the 3 types mentioned in there. I couldn't see any policy with type set as static.

 

I enabled NIST SP 800-53 R4 from Security Policy section in Defender for cloud, still I can't see any policy within this initiative, where type would be set to static.

 

I am just trying to look for an example of a static policy type.

Azure Policy
  • Jesse Loudon's avatar
    Jesse Loudon
    Jul 20, 2023

    AshishGupta1 

     

    Here's an example of a static policy (copied from the Azure Portal)

     

    {
  "properties": {
    "displayName": "Microsoft Managed Control 1000 - Access Control Policy And Procedures Requirements",
    "policyType": "Static",
    "mode": "Indexed",
    "description": "Microsoft implements this Access Control control",
    "metadata": {
      "version": "1.0.1",
      "category": "Regulatory Compliance",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "in": [
              "Microsoft.Resources/subscriptions",
              "Microsoft.Resources/subscriptions/resourceGroups"
            ]
          },
          {
            "value": "false",
            "equals": "true"
          }
        ]
      },
      "then": {
        "effect": "audit"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "2ef3cc79-733e-48ed-ab6f-7bf439e9b406"
}

     

    You can use the AzAdvertizer website to easily search policies of type 'Static' which will give you a nice index to filter and drill into further if you want.

     

    https://www.azadvertizer.net/azpolicyadvertizer_all.html#%7B%22col_11%22%3A%7B%22flt%22%3A%22Static%22%7D%7D

     

  • Jesse Loudon's avatar
    Jesse Loudon
    Brass Contributor
    Jul 20, 2023

    AshishGupta1 

     

    Here's an example of a static policy (copied from the Azure Portal)

     

    {
  "properties": {
    "displayName": "Microsoft Managed Control 1000 - Access Control Policy And Procedures Requirements",
    "policyType": "Static",
    "mode": "Indexed",
    "description": "Microsoft implements this Access Control control",
    "metadata": {
      "version": "1.0.1",
      "category": "Regulatory Compliance",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "in": [
              "Microsoft.Resources/subscriptions",
              "Microsoft.Resources/subscriptions/resourceGroups"
            ]
          },
          {
            "value": "false",
            "equals": "true"
          }
        ]
      },
      "then": {
        "effect": "audit"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "2ef3cc79-733e-48ed-ab6f-7bf439e9b406"
}

     

    You can use the AzAdvertizer website to easily search policies of type 'Static' which will give you a nice index to filter and drill into further if you want.

     

    https://www.azadvertizer.net/azpolicyadvertizer_all.html#%7B%22col_11%22%3A%7B%22flt%22%3A%22Static%22%7D%7D

     

    • AshishGupta1's avatar
      AshishGupta1
      Copper Contributor
      Jul 20, 2023
      Thanks Jesse, that's exactly what I was looking for!
      And the link is super useful, thanks for sharing.

Resources