Audit/Deny ipSecurityRestrictions through Azure Policy

Campbell Thompson 1 Reputation point

Hi there,

I'm trying to create a custom policy to match ipSecurityRestriction rules for our organisational Public IP addresses.

I want to do this for Function Apps in the first instance, but once I have the policy created, I'll align it to other publicly facing Web Apps.

I'm having a real problem with the format of the policy. I'm feeding our Public IPs in to the policy via a parameter array, but I can't find the correct syntax to give a non-compliance. I've even tried to use a single IP to evaluate against, but I either get all of my resources reporting 100% compliant or 100% non-compliant, depending on the condition format.

Has anyone got a working policy that they can socialise? I'd be really appreciative.

Thanks in advance,


Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
830 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. DCtheGeek-MSFT 451 Reputation points Microsoft Employee

    What alias are you using for the Public IPs? Can you share the rule portion of the policy definition?

    0 comments No comments