Policy: Azure > CIS v4.0 > 09 - Security Services > 09.03 - Key Vault > 09.03.07 - Ensure that Public Network Access when using Private Endpoint is disabled

Configures auditing against a CIS Benchmark item.

Level: 2

When Private endpoint is configured on a Key Vault, connections from Azure resources within the same subnet will use its private IP address. However, network traffic from the public internet can still connect to the Key Vault's public endpoint using its public IP address unless Public network access is set to Disabled.

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v4.0 > 09 - Security Services > 09.03 - Key Vault

Controls

Setting this policy configures this control:

Azure > CIS v4.0 > 09 - Security Services > 09.03 - Key Vault > 09.03.07 - Ensure that Public Network Access when using Private Endpoint is disabled

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v4.0 > 09 - Security Services > 09.03 - Key Vault`
Valid Values [YAML]	`Per Azure > CIS v4.0 > 09 - Security Services > 09.03 - Key Vault` `Skip` `Check: Benchmark`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v071401

Policy Type URI

tmod:@turbot/azure-cisv4-0#/policy/types/r090307

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv4-0#/policy/types/r090307") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/r090307'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/r090307'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv4-0#/policy/types/r090307"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv4-0#/policy/types/r090307"