Azure Policy built-in definitions for Azure SignalR
This page is an index of Azure Policy built-in policy definitions for Azure SignalR. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.
The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.
| Name (Azure portal) |
Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Azure SignalR Service should disable public network access | To improve the security of Azure SignalR Service resource, ensure that it isn't exposed to the public internet and can only be accessed from a private endpoint. Disable the public network access property as described in https://docs.azure.cn/azure-signalr/howto-network-access-control. This option disables access from any public address space outside the Azure IP range, and denies all logins that match IP or virtual network-based firewall rules. This reduces data leakage risks. | Audit, Deny, Disabled | 1.1.0 |
| Azure SignalR Service should enable diagnostic logs | Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised | AuditIfNotExists, Disabled | 1.0.0 |
| Azure SignalR Service should have local authentication methods disabled | Disabling local authentication methods improves security by ensuring that Azure SignalR Service exclusively require Azure Active Directory identities for authentication. | Audit, Deny, Disabled | 1.0.0 |
| Azure SignalR Service should use a Private Link enabled SKU | Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination which protect your resources against public data leakage risks. The policy limits you to Private Link enabled SKUs for Azure SignalR Service. Learn more about private link at: https://docs.azure.cn/azure-signalr/howto-private-endpoints. | Audit, Deny, Disabled | 1.0.0 |
| Azure SignalR Service should use private link | Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The private link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to your Azure SignalR Service resource instead of the entire service, you'll reduce your data leakage risks. Learn more about private links at: https://aka.ms/asrs/privatelink. | Audit, Disabled | 1.0.0 |
| Configure Azure SignalR Service to disable local authentication | Disable local authentication methods so that your Azure SignalR Service exclusively requires Azure Active Directory identities for authentication. | Modify, Disabled | 1.0.0 |
| Configure private endpoints to Azure SignalR Service | Private endpoints connect your virtual network to Azure services without a public IP address at the source or destination. By mapping private endpoints to Azure SignalR Service resources, you can reduce data leakage risks. Learn more at https://docs.azure.cn/azure-signalr/howto-private-endpoints. | DeployIfNotExists, Disabled | 1.0.0 |
| Modify Azure SignalR Service resources to disable public network access | To improve the security of Azure SignalR Service resource, ensure that it isn't exposed to the public internet and can only be accessed from a private endpoint. Disable the public network access property as described in https://docs.azure.cn/azure-signalr/howto-network-access-control. This option disables access from any public address space outside the Azure IP range, and denies all logins that match IP or virtual network-based firewall rules. This reduces data leakage risks. | Modify, Disabled | 1.1.0 |
- See the built-ins on the Azure Policy GitHub repo.
- Review the Azure Policy definition structure.
- Review Understanding policy effects.