Azure Policy to deny creation of specific NSG priority rule

Az Cloud Learner 71 Reputation points
2021-05-06T13:05:42.2+00:00

Hello, I am looking for some suggestions on the implementation below.

We plan to reserve NSG inbound and outbound priority ranges (e.g. 100-200), and the policy should deny the creation of NSG rules and updates to NSG rules within these ranges.

Can you please suggest whether it is possible to implement this scenario? If a script is already available for this, please share.

Thank you.


Accepted answer
msrini-MSFT 9,291 Reputation points Microsoft Employee
2021-05-07T04:31:50.863+00:00

    Hi,

    I can share the sample logic with you; please verify the syntax and apply it to your Azure policy:

    {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/networkSecurityGroups/securityRules"
          },
          {
            "anyOf": [
              {
                "allOf": [
                  {
                    "field": "Microsoft.Network/networkSecurityGroups/securityRules/priority",
                    "greaterOrEquals": 100
                  },
                  {
                    "field": "Microsoft.Network/networkSecurityGroups/securityRules/priority",
                    "lessOrEquals": 200
                  }
                ]
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
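As an added example (not part of the accepted answer above, and not Microsoft's own sample), here is a complete policy definition that turns the same idea into something you can submit with `az policy definition create --rules`. It goes slightly beyond the answer in two ways that matter in practice: the `securityRules` condition only matches rules created as a standalone child resource, so a second branch uses a `count` expression over `Microsoft.Network/networkSecurityGroups/securityRules[*]` to also catch rules submitted inline in the NSG body; and the range bounds are parameters rather than literals, so one definition can be assigned with different reserved ranges. The `mode` is `All` because security rules do not support tags or location and would be skipped under `Indexed`. The alias names, the parameter names, and the display text are assumptions made for this example; verify the aliases against `az provider show --namespace Microsoft.Network --expand resourceTypes/aliases` before assigning it.

```json
{
  "properties": {
    "displayName": "Deny NSG security rules in a reserved priority range (example)",
    "mode": "All",
    "parameters": {
      "reservedPriorityStart": {
        "type": "Integer",
        "defaultValue": 100,
        "metadata": { "description": "Lowest priority value reserved for the platform team." }
      },
      "reservedPriorityEnd": {
        "type": "Integer",
        "defaultValue": 200,
        "metadata": { "description": "Highest priority value reserved for the platform team." }
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Network/networkSecurityGroups/securityRules"
              },
              {
                "field": "Microsoft.Network/networkSecurityGroups/securityRules/priority",
                "greaterOrEquals": "[parameters('reservedPriorityStart')]"
              },
              {
                "field": "Microsoft.Network/networkSecurityGroups/securityRules/priority",
                "lessOrEquals": "[parameters('reservedPriorityEnd')]"
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Network/networkSecurityGroups"
              },
              {
                "count": {
                  "field": "Microsoft.Network/networkSecurityGroups/securityRules[*]",
                  "where": {
                    "allOf": [
                      {
                        "field": "Microsoft.Network/networkSecurityGroups/securityRules[*].priority",
                        "greaterOrEquals": "[parameters('reservedPriorityStart')]"
                      },
                      {
                        "field": "Microsoft.Network/networkSecurityGroups/securityRules[*].priority",
                        "lessOrEquals": "[parameters('reservedPriorityEnd')]"
                      }
                    ]
                  }
                },
                "greater": 0
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

Two things to check before rolling this out: `deny` is evaluated on every PUT/PATCH, so the second branch will also block any update to an NSG that already carries a rule inside the reserved range until that rule is moved, which is usually what you want but should be planned for; and the range check is on user-defined rules only, since the default `65000`-`65500` rules are not part of the request payload. Test the definition on a single subscription or resource group assignment first and confirm the denial appears in the activity log with the policy name before widening the scope.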

