Policy: Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.02 - Networking > 02.02.01 - Virtual Networks (VNets) > 02.02.01.01 - Ensure public network access is Disabled

Configures auditing against a CIS Benchmark item.

Level: 1

Disabling public network access for Azure services reduces the attack surface by ensuring that resources can only be accessed from authorized private networks.

This is a cross-cutting control that applies to multiple Azure services including Cognitive Services, Container Registry, Data Factory, Key Vault, MariaDB, MySQL, PostgreSQL, Search Services, SQL Database, and Storage Accounts.

Targets

This policy targets the following resource types:

Azure > Subscription

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.02 - Networking > 02.02.01 - Virtual Networks (VNets)

Attestation

Controls

Setting this policy configures this control:

Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.02 - Networking > 02.02.01 - Virtual Networks (VNets) > 02.02.01.01 - Ensure public network access is Disabled

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v4.0 > 02 - Common Reference Recommendations > 2.2.1 - Virtual Networks`
Valid Values [YAML]	`>- Per Azure > CIS v4.0 > 02 - Common Reference Recommendations > 2.2.1 - Virtual Networks` `Skip` `Check: Benchmark using attestation`

Schema Type

string

Default

Per Azure > CIS v4.0 > 02 - Common Reference Recommendations > 2.2.1 - Virtual Networks

Valid Values [YAML]

>-
  Per Azure > CIS v4.0 > 02 - Common Reference Recommendations > 2.2.1 - Virtual
  Networks

Skip

Check: Benchmark using attestation

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v071406

Policy Type URI

tmod:@turbot/azure-cisv4-0#/policy/types/r02020101

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv4-0#/policy/types/r02020101") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/r02020101'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/r02020101'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv4-0#/policy/types/r02020101"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv4-0#/policy/types/r02020101"