Azure Policy built-in definitions for Azure Event Grid
This page is an index of Azure Policy built-in policy definitions for Azure Event Grid. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.
The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.
Azure Event Grid
| Name (Azure portal) |
Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Azure Event Grid domains should disable public network access | Disabling public network access improves security by ensuring that the resource isn't exposed on the public internet. You can limit exposure of your resources by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints. | Audit, Deny, Disabled | 1.0.0 |
| Azure Event Grid domains should have local authentication methods disabled | Disabling local authentication methods improves security by ensuring that Azure Event Grid domains exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/aeg-disablelocalauth. | Audit, Deny, Disabled | 1.0.0 |
| Azure Event Grid domains should use private link | Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to your Event Grid domain instead of the entire service, you'll also be protected against data leakage risks. Learn more at: https://aka.ms/privateendpoints. | Audit, Disabled | 1.0.2 |
| Azure Event Grid namespace MQTT broker should use private link | Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to your Event Grid namespace instead of the entire service, you'll also be protected against data leakage risks. Learn more at: https://aka.ms/aeg-ns-privateendpoints. | Audit, Disabled | 1.0.0 |
| Azure Event Grid namespace topic broker should use private link | Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to your Event Grid namespace instead of the entire service, you'll also be protected against data leakage risks. Learn more at: https://aka.ms/aeg-ns-privateendpoints. | Audit, Disabled | 1.0.0 |
| Azure Event Grid namespaces should disable public network access | Disabling public network access improves security by ensuring that the resource isn't exposed on the public internet. You can limit exposure of your resources by creating private endpoints instead. Learn more at: https://aka.ms/aeg-ns-privateendpoints. | Audit, Deny, Disabled | 1.0.0 |
| Azure Event Grid partner namespaces should have local authentication methods disabled | Disabling local authentication methods improves security by ensuring that Azure Event Grid partner namespaces exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/aeg-disablelocalauth. | Audit, Deny, Disabled | 1.0.0 |
| Azure Event Grid topics should disable public network access | Disabling public network access improves security by ensuring that the resource isn't exposed on the public internet. You can limit exposure of your resources by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints. | Audit, Deny, Disabled | 1.0.0 |
| Azure Event Grid topics should have local authentication methods disabled | Disabling local authentication methods improves security by ensuring that Azure Event Grid topics exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/aeg-disablelocalauth. | Audit, Deny, Disabled | 1.0.0 |
| Azure Event Grid topics should use private link | Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to your Event Grid topic instead of the entire service, you'll also be protected against data leakage risks. Learn more at: https://aka.ms/privateendpoints. | Audit, Disabled | 1.0.2 |
| Configure Azure Event Grid domains to disable local authentication | Disable local authentication methods so that your Azure Event Grid domains exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/aeg-disablelocalauth. | Modify, Disabled | 1.0.0 |
| Configure Azure Event Grid namespace MQTT broker with private endpoints | Private endpoints lets you connect your virtual network to Azure services without a public IP address at the source or destination. By mapping private endpoints to your resources, they'll be protected against data leakage risks. Learn more at: https://aka.ms/aeg-ns-privateendpoints. | DeployIfNotExists, Disabled | 1.0.0 |
| Configure Azure Event Grid namespaces with private endpoints | Private endpoints lets you connect your virtual network to Azure services without a public IP address at the source or destination. By mapping private endpoints to your resources, they'll be protected against data leakage risks. Learn more at: https://aka.ms/aeg-ns-privateendpoints. | DeployIfNotExists, Disabled | 1.0.0 |
| Configure Azure Event Grid partner namespaces to disable local authentication | Disable local authentication methods so that your Azure Event Grid partner namespaces exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/aeg-disablelocalauth. | Modify, Disabled | 1.0.0 |
| Configure Azure Event Grid topics to disable local authentication | Disable local authentication methods so that your Azure Event Grid topics exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/aeg-disablelocalauth. | Modify, Disabled | 1.0.0 |
| Deploy - Configure Azure Event Grid domains with private endpoints | Private endpoints lets you connect your virtual network to Azure services without a public IP address at the source or destination. By mapping private endpoints to your resources, they'll be protected against data leakage risks. Learn more at: https://aka.ms/privateendpoints. | DeployIfNotExists, Disabled | 1.0.0 |
| Deploy - Configure Azure Event Grid topics with private endpoints | Private endpoints lets you connect your virtual network to Azure services without a public IP address at the source or destination. By mapping private endpoints to your resources, they'll be protected against data leakage risks. Learn more at: https://aka.ms/privateendpoints. | DeployIfNotExists, Disabled | 1.0.0 |
| Enable logging by category group for Event Grid Domains (microsoft.eventgrid/domains) to Event Hub | Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Event Grid Domains (microsoft.eventgrid/domains). | DeployIfNotExists, AuditIfNotExists, Disabled | 1.1.0 |
| Enable logging by category group for Event Grid Domains (microsoft.eventgrid/domains) to Log Analytics | Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Event Grid Domains (microsoft.eventgrid/domains). | DeployIfNotExists, AuditIfNotExists, Disabled | 1.0.0 |
| Enable logging by category group for Event Grid Domains (microsoft.eventgrid/domains) to Storage | Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Event Grid Domains (microsoft.eventgrid/domains). | DeployIfNotExists, AuditIfNotExists, Disabled | 1.0.0 |
| Enable logging by category group for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces) to Event Hub | Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces). | DeployIfNotExists, AuditIfNotExists, Disabled | 1.1.0 |
| Enable logging by category group for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces) to Log Analytics | Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces). | DeployIfNotExists, AuditIfNotExists, Disabled | 1.0.0 |
| Enable logging by category group for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces) to Storage | Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces). | DeployIfNotExists, AuditIfNotExists, Disabled | 1.0.0 |
| Enable logging by category group for Event Grid Topics (microsoft.eventgrid/topics) to Event Hub | Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Event Grid Topics (microsoft.eventgrid/topics). | DeployIfNotExists, AuditIfNotExists, Disabled | 1.1.0 |
| Enable logging by category group for Event Grid Topics (microsoft.eventgrid/topics) to Log Analytics | Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Event Grid Topics (microsoft.eventgrid/topics). | DeployIfNotExists, AuditIfNotExists, Disabled | 1.0.0 |
| Enable logging by category group for Event Grid Topics (microsoft.eventgrid/topics) to Storage | Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Event Grid Topics (microsoft.eventgrid/topics). | DeployIfNotExists, AuditIfNotExists, Disabled | 1.0.0 |
| Modify - Configure Azure Event Grid domains to disable public network access | Disable public network access for Azure Event Grid resource so that it isn't accessible over the public internet. This will help protect them against data leakage risks. You can limit exposure of the your resources by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints. | Modify, Disabled | 1.0.0 |
| Modify - Configure Azure Event Grid topics to disable public network access | Disable public network access for Azure Event Grid resource so that it isn't accessible over the public internet. This will help protect them against data leakage risks. You can limit exposure of the your resources by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints. | Modify, Disabled | 1.0.0 |
Next steps
- See the built-ins on the Azure Policy GitHub repo.
- Review the Azure Policy definition structure.
- Review Understanding policy effects.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for