Azure / azure-monitor-baseline-alerts

Azure Monitor Baseline Alerts
MIT License

AVD Pattern - Unable to deploy because policy blocks Automation Accounts with Public Access Enabled #387

Open shawntmeyer opened 1 month ago

shawntmeyer commented 1 month ago

I've reviewed the underlying templates and realize that you enable public access to the automation account because you don't collect this parameter or the PrivateEndpoints array parameter. If access to the automation account is needed, please provide an option to submit the private endpoint Subnet ResourceId and PrivateDNS Zones for automation accounts.

JCoreMS commented 1 month ago

Thanks @shawntmeyer, valid security concern that was overlooked early on that we'll try to address. Ultimately, we want to get away from an automation account with some revised queries for KQL. Stay tuned.