
@moh-abk
Created March 4, 2025 11:46
azure policy
{
"properties": {
"displayName": "Storage accounts should disable public network access (custom)",
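"description": "To improve the security of Storage Accounts, ensure that they aren't exposed to the public internet and can only be accessed from a private endpoint. This policy flags a storage account only when publicNetworkAccess is not 'Disabled' and both networkAcls.virtualNetworkRules and networkAcls.ipRules are empty. An account that has any virtual network rule or IP rule is treated as compliant even though public network access remains enabled, and networkAcls.defaultAction is not evaluated.",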
"metadata": {
"version": "1.0.1",
"category": "Storage"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"field": "Microsoft.Storage/storageAccounts/publicNetworkAccess",
"notEquals": "Disabled"
},
{
"allOf": [
{
"value": "[length(field('Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules'))]",
"equals": 0
},
{
"value": "[length(field('Microsoft.Storage/storageAccounts/networkAcls.ipRules'))]",
"equals": 0
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
}
},
"type": "Microsoft.Authorization/policyDefinitions",
"name": "storage-accounts-should-disable-public-network-access-custom"
}