Azure Policy built-in definitions for Azure Event Hubs

This page is an index of Azure Policy built-in policy definitions for Azure Event Hubs. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.

The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.

Azure Event Hubs

| Name | Description | Effect(s) | Version | GitHub |
|---|---|---|---|---|
| All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace | Event Hub clients should not use a namespace-level access policy, which grants access to every event hub in the namespace. To align with the least-privilege security model, create access policies at the entity (event hub) level so that each client is granted access only to the specific entity it needs. | Audit, Deny, Disabled | 1.0.1 | Link |
| Authorization rules on the Event Hub instance should be defined | Audit the existence of authorization rules on Event Hub entities so that access can be granted at the least-privileged (entity) level. | AuditIfNotExists, Disabled | 1.0.0 | Link |
| Deploy Diagnostic Settings for Event Hub to Event Hub | Deploys the diagnostic settings for Event Hub to stream to a regional Event Hub when an Event Hub that is missing these diagnostic settings is created or updated. | DeployIfNotExists, Disabled | 2.0.0 | Link |
| Deploy Diagnostic Settings for Event Hub to Log Analytics workspace | Deploys the diagnostic settings for Event Hub to stream to a regional Log Analytics workspace when an Event Hub that is missing these diagnostic settings is created or updated. | DeployIfNotExists, Disabled | 1.0.0 | Link |
| Diagnostic logs in Event Hub should be enabled | Audit whether diagnostic logs are enabled. Diagnostic logs let you reconstruct an activity trail for investigation when a security incident occurs or when your network is compromised. | AuditIfNotExists, Disabled | 2.0.0 | Link |
| Event Hub should use a virtual network service endpoint | This policy audits any Event Hub not configured to use a virtual network service endpoint. | AuditIfNotExists, Disabled | 1.0.0 | Link |
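As an added example (not part of this index or of the Azure Policy GitHub repository), the following Az PowerShell script assigns the two authorization-rule policies from the table above at resource-group scope: Deny for the namespace-level rule policy and AuditIfNotExists for the entity-level one. It then triggers a compliance scan and lists the resources the assignments flag. The subscription ID, resource group name and assignment names are placeholders; the script assumes Az.Resources 7.x output (DisplayName as a top-level property, with a fallback to the older Properties.DisplayName shape) and PowerShell 7 for the `??` operator, and that Connect-AzAccount has already been run.

```powershell
# Added example, not code from the Azure Policy docs or repository.
# Requires the Az.Resources and Az.PolicyInsights modules and an existing Connect-AzAccount session.
# All identifiers below are placeholders (assumptions), not real resources.
$subscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder subscription
$resourceGroup  = 'rg-eventhubs-prod'                       # placeholder resource group
$scope          = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup"

# Resolve built-ins by display name so no definition GUID has to be hard-coded here.
# Az.Resources 7.x exposes DisplayName at the top level; older versions nest it under Properties.
function Get-BuiltinPolicyByDisplayName {
    param([Parameter(Mandatory)][string]$DisplayName)
    $def = Get-AzPolicyDefinition -Builtin |
        Where-Object { ($_.DisplayName ?? $_.Properties.DisplayName) -eq $DisplayName }
    if (-not $def) { throw "Built-in policy not found: $DisplayName" }
    return $def
}

$denyNamespaceRules = Get-BuiltinPolicyByDisplayName `
    'All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace'
$auditEntityRules = Get-BuiltinPolicyByDisplayName `
    'Authorization rules on the Event Hub instance should be defined'

# 1) Deny creation or update of namespace-level SAS rules other than RootManageSharedAccessKey.
#    Deny only stops new or changed rules; rules that already exist are reported as
#    non-compliant and must be removed separately.
New-AzPolicyAssignment -Name 'deny-eh-namespace-sas-rules' `
    -DisplayName 'Deny namespace-level Event Hubs authorization rules' `
    -Scope $scope -PolicyDefinition $denyNamespaceRules `
    -PolicyParameterObject @{ effect = 'Deny' }

# 2) Audit event hubs that have no entity-level rule at all. This policy only offers
#    AuditIfNotExists/Disabled, so it cannot block anything; it just surfaces the gap.
New-AzPolicyAssignment -Name 'audit-eh-entity-rules' `
    -DisplayName 'Audit event hubs without entity-level authorization rules' `
    -Scope $scope -PolicyDefinition $auditEntityRules `
    -PolicyParameterObject @{ effect = 'AuditIfNotExists' }

# Evaluate now instead of waiting for the periodic scan, then list what the two assignments flag.
Start-AzPolicyComplianceScan -ResourceGroupName $resourceGroup

Get-AzPolicyState -ResourceGroupName $resourceGroup -Filter "ComplianceState eq 'NonCompliant'" |
    Where-Object { $_.PolicyAssignmentName -in 'deny-eh-namespace-sas-rules', 'audit-eh-entity-rules' } |
    Select-Object PolicyAssignmentName, ResourceId |
    Format-Table -AutoSize
```

Before deleting the namespace-level rules that the first assignment reports, inventory which clients still use those keys: a client holding a namespace-level SAS key stops working the moment the rule is removed, so each one needs an entity-level rule (or a non-SAS identity) issued first.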

Next steps