Azure Load Balancer - Read Access using Azure Policy

Girish Prajwal 606 Reputation points
2020-09-22T08:19:33.64+00:00

Hi Team,

I have created a policy today for Azure load balancer having read access. However, I was unsure on the parameters binding for "READ" access. Request you to validate and add the missing lines if any for the below template.

{
"properties": {
"displayName": "Azure Load Balancer Read access",
"policyType": "Custom",
"mode": "All",
"description": "All users should have Read access to Azure Load Balancers.\n",
"metadata": {
"category": "Network",
"createdBy": "a51a-55-4d-b6-40",
"createdOn": "2020-09-22T07:50:52.604408Z",
"updatedBy": null,
"updatedOn": null
},
"parameters": {},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Network/LoadBalancers"
},
"then": {
"effect": "deny"
}
}
},

Regards,
Girish Prajwal

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
509 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Swathi Dhanwada 9,386 Reputation points Microsoft Employee
    2020-09-25T09:01:27.333+00:00

    @Girish Prajwal Here are the steps to make sure all the users have read access to Azure Load Balancer.

    1) Create the Dynamic Group by following the steps mentioned this document so that it includes all the users of type Member and Guest of Azure Active Directory.

    2) Create a Custom Role which has contain read access permissions to the Azure Load Balancer by following the steps mentioned in this document.

    3) Assign the Custom Role to the Dynamic Group so that the permissions will be applied to all the users. For more information, refer this document.

    Kindly try above steps and revert if you have further questions.