Logic Apps - oWretch/policy GitHub Wiki
| Category | Policy | Platform | Landing Zones | Production | Decommissioned | Management | Corp | Connectivity | Sandbox | Identity |
|---|---|---|---|---|---|---|---|---|---|---|
| Logic Apps |
Configure Logic apps to use the latest TLS version Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. |
DeployIfNotExists Disabled |
||||||||
| Logic Apps |
Logic app should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. |
Deny Disabled Audit |
||||||||
| Logic Apps |
Logic apps should disable public network access Disabling public network access improves security by ensuring that the Logic App is not exposed on the public internet. Creating private endpoints can limit exposure of a Logic App. Learn more at: https://aka.ms/app-service-private-endpoint. |
Deny Disabled Audit |
||||||||
| Logic Apps |
Resource logs in Logic Apps should be enabled Audit enabling of resource logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |
AuditIfNotExists Disabled |
| Category | Policy | Platform | Landing Zones | Production | Decommissioned | Management | Corp | Connectivity | Sandbox | Identity |
|---|---|---|---|---|---|---|---|---|---|---|
| Logic Apps |
Resource logs in Logic Apps should be enabled Audit enabling of resource logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |
diagnosticsLogsInLogicAppsRetentionDays = 1
|