App Configuration - oWretch/policy GitHub Wiki

Policy Effects by Policy

Category Policy Platform Landing Zones Production Decommissioned Management Corp Connectivity Sandbox Identity
App Configuration App Configuration should disable public network access
Disabling public network access improves security by ensuring that the resource isn't exposed on the public internet. You can limit exposure of your resources by creating private endpoints instead. Learn more at: https://aka.ms/appconfig/private-endpoint.
Deny
Disabled
Audit
App Configuration App Configuration should use private link
Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The private link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to your app configuration instances instead of the entire service, you'll also be protected against data leakage risks. Learn more at: https://aka.ms/appconfig/private-endpoint.
AuditIfNotExists
Disabled
App Configuration Configure private DNS zones for private endpoints connected to App Configuration
Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone can be linked to your virtual network to resolve app configuration instances. Learn more at: https://aka.ms/appconfig/private-endpoint.
DeployIfNotExists
Disabled

Policy Parameters by Policy

Category Policy Platform Landing Zones Production Decommissioned Management Corp Connectivity Sandbox Identity
App Configuration Configure private DNS zones for private endpoints connected to App Configuration
Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone can be linked to your virtual network to resolve app configuration instances. Learn more at: https://aka.ms/appconfig/private-endpoint.
azureAppPrivateDnsZoneId = --DNSZonePrefix--privatelink.azconfig.io