
How to restrict public IP to all Azure DevTest Labs by policy

We currently have the built-in policy to disallow public IPs scoped at the management group level, which works when creating regular VMs in our environment. This policy does not block the creation of VMs with public IPs in DevTest Labs, even though they are created within the management group that has a policy blocking IPs. Has anyone run into this?

There are built-in policies working at the Microsoft.Network/networkInterfaces level to block NICs that have public IPs, but VMs in DevTest Labs have a different resource type than regular VMs.

For example, you can restrict public IP on VMs in Azure DevTest Labs by policy like this:

    {
      "policyRule": {
        "if": {
          "allOf": [
            {
              "field": "type",
              "equals": "Microsoft.DevTestLab/labs/virtualmachines"
            },
            {
              "not": {
                "field": "Microsoft.DevTestLab/labs/virtualmachines/disallowPublicIpAddress",
                "equals": true
              }
            }
          ]
        },
        "then": {
          "effect": "deny"
        }
      }
    }
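An added example, not part of the original answer: a simplified Python model of how the rule above evaluates, showing that the `not` / `"equals": true` form also denies a lab VM whose request omits `disallowPublicIpAddress`, and that NIC resources fall outside this rule. The alias-to-property mapping (`properties.<last path segment>`) and the sample resources are assumptions constructed for illustration.

```python
# Simplified model of Azure Policy condition evaluation (added example).
# Assumption: an alias resolves to properties.<last path segment>.

RULE_IF = {
    "allOf": [
        {"field": "type", "equals": "Microsoft.DevTestLab/labs/virtualmachines"},
        {"not": {
            "field": "Microsoft.DevTestLab/labs/virtualmachines/disallowPublicIpAddress",
            "equals": True,
        }},
    ]
}

def resolve(field, resource):
    """Return the value a field refers to, or None when it is absent."""
    if field == "type":
        return resource.get("type")
    return resource.get("properties", {}).get(field.rsplit("/", 1)[-1])

def matches(cond, resource):
    """Evaluate the allOf / anyOf / not / field-equals subset of conditions."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value, expected = resolve(cond["field"], resource), cond["equals"]
    if isinstance(value, str) and isinstance(expected, str):
        return value.lower() == expected.lower()   # string compare ignores case
    return value is not None and value == expected  # absent field never equals

def effect(resource):
    """Return "deny" when the rule's condition matches, otherwise "allow"."""
    return "deny" if matches(RULE_IF, resource) else "allow"

# Constructed sample requests, not captured from a real subscription.
LAB_VM = "Microsoft.DevTestLab/labs/virtualMachines"
SAMPLES = {
    "lab_vm_public": {"type": LAB_VM, "properties": {"disallowPublicIpAddress": False}},
    "lab_vm_unset": {"type": LAB_VM, "properties": {}},
    "lab_vm_private": {"type": LAB_VM, "properties": {"disallowPublicIpAddress": True}},
    "plain_nic": {"type": "Microsoft.Network/networkInterfaces", "properties": {}},
}

if __name__ == "__main__":
    for name, res in SAMPLES.items():
        print(f"{name}: {effect(res)}")
```

Here "allow" for the NIC only means this rule does not apply to it; NIC-level public IP restrictions are a separate policy.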
