cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Disable FTP in Azure Policy

%3CLINGO-SUB%20id%3D%22lingo-sub-2034912%22%20slang%3D%22en-US%22%3EDisable%20FTP%20in%20Azure%20Policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2034912%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20all%2C%20is%20there%20an%20equivalent%20azure%20policy%20that%20disables%20the%20FTP%20of%20my%20applications%20in%20my%20subscription%3F%20If%20none%2C%20how%20can%20I%20disable%20the%20FTP%20of%20the%20applications%20under%20my%20subscription%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2034912%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Policy%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EFTP%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2035354%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20FTP%20in%20Azure%20Policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2035354%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F883312%22%20target%3D%22_blank%22%3E%40UserID883312%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20there%20is%20builtin%20policy%20to%20do%20that%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGo%20to%20policy%20definitions%20blade%20%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fportal.azure.com%2F%23blade%2FMicrosoft_Azure_Policy%2FPolicyMenuBlade%2FDefinitions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPolicy%20-%20Microsoft%20Azure%3C%2FA%3E%3C%2FP%3E%3CP%3ESearch%20for%20ftp%26nbsp%3B%20and%20you%20will%20see%203%20policies%20%3A%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22ext-grid-formatters-svg%22%3E%3CSPAN%20class%3D%22msportalfx-text-ellipsis%22%3EFTPS%20only%20should%20be%20required%20in%20your%20Function%20App%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%20class%3D%22ext-grid-formatters-svg%22%3E%3CSPAN%20class%3D%22msportalfx-text-ellipsis%22%3E%3CSPAN%3EFTPS%20should%20be%20required%20in%20your%20Web%20App%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%20class%3D%22ext-grid-formatters-svg%22%3E%3CSPAN%20class%3D%22msportalfx-text-ellipsis%22%3E%3CSPAN%3EFTPS%20only%20should%20be%20required%20in%20your%20API%20App%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CP%3ETake%20the%20policy%20for%20the%20web%20app%20and%20assign%20it%20to%20your%20subscription%20or%20resource%20groups%26nbsp%3B%3C%2FP%3E%3CP%3EEnforce%20the%20policy%20and%20add%20a%20remediation%20step%20with%20a%20managed%20identity%20(Deploy%20if%20not%20exists)%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20also%20manually%20enforce%20FTPs%3C%2FP%3E%3CP%3EThe%20link%20below%20show%20how%20use%26nbsp%3B%3CSPAN%3EFTP%20over%20TLS%2FSSL%20only%20(See%20Enforce%20FTPs%26nbsp%3B%20section%20)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fdeploy-ftp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDeploy%20content%20using%20FTP%2FS%20-%20Azure%20App%20Service%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2035583%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20FTP%20in%20Azure%20Policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2035583%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F540591%22%20target%3D%22_blank%22%3E%40ibrahimambodji%3C%2FA%3E%26nbsp%3Bthank%20you%2C%20but%20aren't%20those%20policies%20is%20to%20enable%20FTP%3F%20I%20need%20the%20policy%20that%20disables%20the%20FTP%20state.%3C%2FP%3E%3C%2FLINGO-BODY%3E
UserID883312
Occasional Contributor

‎01-05-2021 06:48 PM - edited ‎01-05-2021 06:55 PM

‎01-05-2021 06:48 PM - edited ‎01-05-2021 06:55 PM

Disable FTP in Azure Policy

Hello all, is there an equivalent azure policy that disables the FTP of my applications in my subscription? If none, how can I disable the FTP of the applications under my subscription?

Labels:
208 Views
0 Likes
5 Replies
Reply
5 Replies
ibrahimambodji

‎01-06-2021 01:06 AM

‎01-06-2021 01:06 AM

Re: Disable FTP in Azure Policy

@UserID883312 

 

Hi there is builtin policy to do that 

 

Go to policy definitions blade : 

Policy - Microsoft Azure

Search for ftp  and you will see 3 policies :  

FTPS only should be required in your Function App
FTPS should be required in your Web App
FTPS only should be required in your API App

Take the policy for the web app and assign it to your subscription or resource groups 

Enforce the policy and add a remediation step with a managed identity (Deploy if not exists)  

You can also manually enforce FTPs

The link below show how use FTP over TLS/SSL only (See Enforce FTPs  section )

 

Deploy content using FTP/S - Azure App Service | Microsoft Docs

0 Likes
Reply
UserID883312

‎01-06-2021 01:42 AM

‎01-06-2021 01:42 AM

Re: Disable FTP in Azure Policy

@ibrahimambodji thank you, but aren't those policies is to enable FTP? I need the policy that disables the FTP state.

0 Likes
Reply
Best Response confirmed by UserID883312 (Occasional Contributor)
ibrahimambodji

‎01-06-2021 02:04 AM

‎01-06-2021 02:04 AM

Solution

Re: Disable FTP in Azure Policy

@UserID883312 

 

You're welcome it's mentionned on the definition FTPs (s=secure) . If FTPs is enabled FTP will be disabled . 

Below the details : 

Name
FTPS should be required in your Web App
Description
Enable FTPS enforcement for enhanced security
Available Effects
AuditIfNotExists, Disabled
Category
App Service
 
Json definition :  
{
  "properties": {
    "displayName": "FTPS should be required in your Web App",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Enable FTPS enforcement for enhanced security",
    "metadata": {
      "version": "2.0.0",
      "category": "App Service"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Web/sites"
          },
          {
            "field": "kind",
            "like": "app*"
          }
        ]
      },
      "then": {
 
By the way if you want to disable both  you cannot do that through policy but it's documented 
To disable both FTP and FTPS entirely, select Disabled. When finished, click Save
Deploy content using FTP/S - Azure App Service | Microsoft Docs
 
 
 
 
 
 
 
0 Likes
Reply
UserID883312

‎01-06-2021 02:17 AM

‎01-06-2021 02:17 AM

Re: Disable FTP in Azure Policy

@ibrahimambodji Okay great, that helps a lot. Thank you!

0 Likes
Reply
ibrahimambodji

‎01-06-2021 02:29 AM

‎01-06-2021 02:29 AM

Re: Disable FTP in Azure Policy

@UserID883312 

 

Youre welcome , glad that can help. 

Thank you.

0 Likes
Reply