search

Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License
1.69k stars 964 forks source link

Feature Request - Deny-PublicPaaSEndpoints dont include deployments slots for App Services. #1546

Closed MikaelJcSoderberg closed 3 months ago

MikaelJcSoderberg commented 8 months ago

This policy set does not include a policy to handle deployment slots for App Services : Deny-PublicPaaSEndpoints

A user can create a slot and expose the service.

jtracey93 commented 8 months ago

thanks @MikaelJcSoderberg for the awareness.

Are you aware of a built-in policy that exists that we can add to the initiative to close this gap?

MikaelJcSoderberg commented 8 months ago

My colleague dug up this one: /providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622

Without having validated by assigning it, it looks like what would be needed.

Springstone commented 7 months ago

Thanks @MikaelJcSoderberg, we'll add that to our Deny-PaaS coverage.

AB33221

Springstone commented 4 months ago

Addressed in PR #1622