Aug 18 2020 02:54 AM
I am trying to create a policy which does not allow security inbound rules for destination port 22 and source any. Policy definition is saved and assigned, but I can still create an inbound rule for destination port 22 with source any.
"policyRule": {
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Network/networkSecurityGroups/securityRules"
      },
      {
        "field": "Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange",
        "equals": "22"
      },
      {
        "field": "Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix",
        "equals": "*"
      },
      {
        "field": "Microsoft.Network/networkSecurityGroups/securityRules/direction",
        "equals": "Inbound"
      }
    ]
  },
  "then": {
    "effect": "deny"
  }
}
Any idea what I
Aug 18 2020 06:38 AM
Never mind, I was too impatient. It takes some time before the policy is active/effective.
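
Added example, not part of the original thread: a small local evaluator for the posted "if" block, run over constructed rule payloads to show which rule shapes its exact-match conditions cover once the policy is in effect. The evaluator, the rule() helper and the sample rules are hypothetical; only allOf/equals are modelled, and equals is assumed to compare strings case-insensitively.

```python
# Minimal local evaluator for the "if" block of the policy posted above.
# Only "allOf" and "equals" are modelled (all this policy uses); "equals" is
# assumed to be a case-insensitive string comparison.
ALIAS = "Microsoft.Network/networkSecurityGroups/securityRules/"

POLICY_IF = {"allOf": [
    {"field": "type", "equals": "Microsoft.Network/networkSecurityGroups/securityRules"},
    {"field": ALIAS + "destinationPortRange", "equals": "22"},
    {"field": ALIAS + "sourceAddressPrefix", "equals": "*"},
    {"field": ALIAS + "direction", "equals": "Inbound"},
]}

def field_value(resource, field):
    """Resolve 'type' or a securityRules alias against a resource payload."""
    if field == "type":
        return resource.get("type")
    return resource.get("properties", {}).get(field[len(ALIAS):])

def matches(condition, resource):
    """True when the resource satisfies the condition (deny would apply)."""
    if "allOf" in condition:
        return all(matches(c, resource) for c in condition["allOf"])
    actual = field_value(resource, condition["field"])
    return actual is not None and str(actual).lower() == condition["equals"].lower()

def rule(port, source, direction="Inbound", ports=None):
    """Build a constructed securityRules payload (hypothetical helper)."""
    props = {"sourceAddressPrefix": source, "direction": direction}
    props.update({"destinationPortRanges": ports} if ports else {"destinationPortRange": port})
    return {"type": "Microsoft.Network/networkSecurityGroups/securityRules",
            "properties": props}

# Constructed sample rules: label -> payload
SAMPLES = {
    "22 from *": rule("22", "*"),
    "22 from * outbound": rule("22", "*", "Outbound"),
    "22 from 10.0.0.0/8": rule("22", "10.0.0.0/8"),
    "20-25 from *": rule("20-25", "*"),
    "* from *": rule("*", "*"),
    "22 from Internet": rule("22", "Internet"),
    "[22, 443] from *": rule(None, "*", ports=["22", "443"]),
}

def evaluate_samples():
    """Map each sample label to True (policy would deny) or False."""
    return {label: matches(POLICY_IF, r) for label, r in SAMPLES.items()}

if __name__ == "__main__":
    for label, denied in evaluate_samples().items():
        print(f"{'deny ' if denied else 'allow'}  {label}")
```

Only the literal port "22" with source "*" satisfies all four conditions; the other constructed shapes would need their own conditions if they are meant to be denied as well.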