Adaptive Network Hardenings - Enforce
Enforces the given rules on the NSG(s) listed in the request
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceNamespace}/{resourceType}/{resourceName}/providers/Microsoft.Security/adaptiveNetworkHardenings/{adaptiveNetworkHardeningResourceName}/enforce?api-version=2020-01-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
adaptive
|
path | True |
Enforces the given rules on the NSG(s) listed in the request |
|
adaptive
|
path | True |
string |
The name of the Adaptive Network Hardening resource. |
resource
|
path | True |
string |
The name of the resource group within the user's subscription. The name is case insensitive. Regex pattern: |
resource
|
path | True |
string |
Name of the resource. |
resource
|
path | True |
string |
The Namespace of the resource. |
resource
|
path | True |
string |
The type of the resource. |
subscription
|
path | True |
string |
Azure subscription ID Regex pattern: |
api-version
|
query | True |
string |
API version for the operation |
Request Body
Name | Required | Type | Description |
---|---|---|---|
networkSecurityGroups | True |
string[] |
The Azure resource IDs of the effective network security groups that will be updated with the created security rules from the Adaptive Network Hardening rules |
rules | True |
Rule[] |
The rules to enforce |
Responses
Name | Type | Description |
---|---|---|
200 OK |
OK. |
|
202 Accepted |
Accepted |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Enforces the given rules on the NSG(s) listed in the request
Sample request
POST https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1/providers/Microsoft.Security/adaptiveNetworkHardenings/default/enforce?api-version=2020-01-01
{
"rules": [
{
"name": "rule1",
"direction": "Inbound",
"destinationPort": 3389,
"protocols": [
"TCP"
],
"ipAddresses": [
"100.10.1.1",
"200.20.2.2",
"81.199.3.0/24"
]
},
{
"name": "rule2",
"direction": "Inbound",
"destinationPort": 22,
"protocols": [
"TCP"
],
"ipAddresses": []
}
],
"networkSecurityGroups": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1",
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/rg2/providers/Microsoft.Network/networkSecurityGroups/nsg2"
]
}
Sample response
Definitions
Name | Description |
---|---|
Adaptive |
Enforces the given rules on the NSG(s) listed in the request |
Adaptive |
|
Cloud |
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). |
Cloud |
The error detail. |
direction |
The rule's direction |
Error |
The resource management error additional info. |
Rule |
Describes remote addresses that is recommended to communicate with the Azure resource on some (Protocol, Port, Direction). All other remote addresses are recommended to be blocked |
transport |
The rule's transport protocols |
AdaptiveNetworkHardeningEnforceAction
Enforces the given rules on the NSG(s) listed in the request
Name | Type | Description |
---|---|---|
enforce |
string |
AdaptiveNetworkHardeningEnforceRequest
Name | Type | Description |
---|---|---|
networkSecurityGroups |
string[] |
The Azure resource IDs of the effective network security groups that will be updated with the created security rules from the Adaptive Network Hardening rules |
rules |
Rule[] |
The rules to enforce |
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
Name | Type | Description |
---|---|---|
error.additionalInfo |
The error additional info. |
|
error.code |
string |
The error code. |
error.details |
The error details. |
|
error.message |
string |
The error message. |
error.target |
string |
The error target. |
CloudErrorBody
The error detail.
Name | Type | Description |
---|---|---|
additionalInfo |
The error additional info. |
|
code |
string |
The error code. |
details |
The error details. |
|
message |
string |
The error message. |
target |
string |
The error target. |
direction
The rule's direction
Name | Type | Description |
---|---|---|
Inbound |
string |
|
Outbound |
string |
ErrorAdditionalInfo
The resource management error additional info.
Name | Type | Description |
---|---|---|
info |
object |
The additional info. |
type |
string |
The additional info type. |
Rule
Describes remote addresses that is recommended to communicate with the Azure resource on some (Protocol, Port, Direction). All other remote addresses are recommended to be blocked
Name | Type | Description |
---|---|---|
destinationPort |
integer |
The rule's destination port |
direction |
The rule's direction |
|
ipAddresses |
string[] |
The remote IP addresses that should be able to communicate with the Azure resource on the rule's destination port and protocol |
name |
string |
The name of the rule |
protocols |
The rule's transport protocols |
transportProtocol
The rule's transport protocols
Name | Type | Description |
---|---|---|
TCP |
string |
|
UDP |
string |