azure-policy-hard-deny
Type: decision
Decision
Security controls are enforced through hard deny policies — misconfiguration is blocked, not just reported.
Why
Without enforcement, misconfiguration is invisible.
Violations
- Azure resource with public network access enabled.
- Resource with local authentication enabled.
- Key Vault configured with Access Policies instead of RBAC.
- Resource with minimum TLS version below 1.2.
- Storage account with cross-tenant object replication enabled.
Links
← Back to knowledge graph