Policy: Azure > Container Registry > Registry > Anonymous Pull Access

Define the Anonymous Pull Access settings required for Azure > Container Registry > Registry.

The Anonymous Pull Access policy determines whether anonymous pull access for Azure Container Registry should be Enabled or Disabled.

When anonymous pull access is enabled, the Container Registry allows unauthenticated users to pull container images. This provides convenience but may reduce security by allowing public access to container images.

Targets

This policy targets the following resource types:

Azure > Container Registry > Registry

Controls

Setting this policy configures this control:

Azure > Container Registry > Registry > Anonymous Pull Access

Policy Specification

Schema Type	`string`
Default	`Skip`
Valid Values [YAML]	`Skip` `Check: Enabled` `Check: Disabled` `Enforce: Enabled` `Enforce: Disabled`
Examples [YAML]	`Check: Disabled`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/security

Policy Type URI

tmod:@turbot/azure-containerregistry#/policy/types/registryAnonymousPullAccess

GraphQL

query policyType(id: "tmod:@turbot/azure-containerregistry#/policy/types/registryAnonymousPullAccess") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-containerregistry#/policy/types/registryAnonymousPullAccess'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-containerregistry#/policy/types/registryAnonymousPullAccess'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-containerregistry#/policy/types/registryAnonymousPullAccess"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-containerregistry#/policy/types/registryAnonymousPullAccess"