module/ConfigurationProvider/ControlConfigurations/Services/AppConfiguration.json
|
{
"FeatureName": "AppConfiguration", "Reference": "", "IsMaintenanceMode": false, "Controls": [ { "ControlID": "Azure_AppConfiguration_NetSec_Use_Private_Link_MCSB", "Description": "[MCSB] App Configuration should use private link", "Id": "AppConfiguration100", "ControlSeverity": "High", "Automated": "Yes", "ControlScanSource": "MDC", "DisplayName": "[MCSB] App Configuration should use private link", "Category": "Deploy controls to restrict network traffic", "ControlRequirements": "Restrict network traffic flows", "Rationale": "Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The private link platform handles the connectivity between the consumer and services over the Azure backbone network.By mapping private endpoints to your container registries instead of the entire service, you'll also be protected against data leakage risks.", "Recommendation": "To use private endpoints in Azure App Configurations please refer: https://learn.microsoft.com/en-us/azure/azure-app-configuration/concept-private-endpoint#connecting-to-private-endpoints", "Tags": [ "Automated", "NetSec", "Baseline", "AppConfiguration" ], "AssessmentProperties": { "AssessmentNames": [ "8318c3a1-fcac-2e1d-9582-50912e5578e5" ], "AssessmentStatusMappings": [ { "AssessmentStatusCode": "NotApplicable", "EffectiveVerificationResult": "Failed", "AssessmentStatusCausePatterns": "(.)*OffByPolicy|Exempt(.)*", "AppendMessageToStatusReason": "Disabling or exempting the policy from getting evaluated is not recommended. The Control will be marked as Failed." } ] }, "Enabled": false, "CustomTags": [ "Daily", "MCSB" ] } ] } |