Network - 25539 IDPS Inspection is Enabled in Deny Mode on Azure Firewall#833
komalp2025 wants to merge 39 commits into main from
Conversation
merill
left a comment
We need a Passed or Failed (or Skipped if not connected or error occurs). See what Sandeep is doing for a similar test.
Hi @merill, I have updated the code accordingly and added skip logic before return. Also, for policies with a non-premium tier, we need to silently continue with them, as in one subscription there can be premium / non-premium policies.
Pull request overview
This PR adds a new test (25539) to validate that Azure Firewall Premium policies have Intrusion Detection and Prevention System (IDPS) enabled in "Deny" mode, ensuring that malicious traffic patterns are actively blocked.
Changes:
- Adds PowerShell test to check IDPS configuration across Azure Firewall Premium policies
- Includes markdown documentation explaining IDPS requirements and remediation steps
- Implements subscription-wide scanning with proper error handling for access denied scenarios
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| src/powershell/tests/Test-Assessment.25539.ps1 | Implements the test logic to enumerate Azure subscriptions, retrieve firewall policies, and validate IDPS settings |
| src/powershell/tests/Test-Assessment.25539.md | Provides documentation about IDPS functionality, test criteria, and remediation guidance |
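The classification the overview describes (Premium-only, IDPS mode must be `Deny`, Passed/Failed/Skipped result), as an added illustration that is not the PR's own `Test-Assessment.25539.ps1`. The function names `Get-IdpsAssessment` and `Get-OverallResult`, the result vocabulary and the sample policies are assumptions made for this example; the property paths `properties.sku.tier` and `properties.intrusionDetection.mode` follow the `Microsoft.Network/firewallPolicies` ARM schema. A real run would obtain the policy objects from `Get-AzResource -ResourceType 'Microsoft.Network/firewallPolicies' -ExpandProperties` per subscription; here they are constructed inline so the logic runs offline, and the example also covers the missing-`sku` case raised in the inline review below.

```powershell
# Added example (not the project's code). Classifies Azure Firewall policies by
# IDPS mode. Property paths follow the Microsoft.Network/firewallPolicies ARM
# schema; function names, statuses and sample data are assumptions.

function Get-IdpsAssessment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [object[]]$Policies
    )

    $results = [System.Collections.Generic.List[object]]::new()

    foreach ($policy in $Policies) {
        $props = $policy.Properties

        # Explicit null guard: a policy with no sku block cannot be Premium, so it
        # is reported NotApplicable instead of being compared through a $null chain.
        $tier = if ($props -and $props.sku) { $props.sku.tier } else { $null }
        if ($tier -ne 'Premium') {
            $results.Add([pscustomobject]@{
                Name   = $policy.Name
                Tier   = $tier
                Mode   = $null
                Status = 'NotApplicable'   # IDPS is a Premium-only feature
            })
            continue
        }

        # intrusionDetection may be absent on a Premium policy that never had IDPS
        # configured; treat that the same as mode 'Off' (i.e. a failure).
        $mode = if ($props.intrusionDetection) { $props.intrusionDetection.mode } else { 'Off' }
        $status = if ($mode -eq 'Deny') { 'Passed' } else { 'Failed' }

        $results.Add([pscustomobject]@{
            Name   = $policy.Name
            Tier   = $tier
            Mode   = $mode
            Status = $status
        })
    }

    return $results
}

function Get-OverallResult {
    param([object[]]$Assessments)
    $applicable = @($Assessments | Where-Object Status -ne 'NotApplicable')
    # No Premium policy was found (or none was readable): nothing to assess.
    if ($applicable.Count -eq 0) { return 'Skipped' }
    if ($applicable.Status -contains 'Failed') { return 'Failed' }
    return 'Passed'
}

# Constructed sample policies (not real Azure data).
$samplePolicies = @(
    [pscustomobject]@{ Name = 'fwpol-prem-deny';  Properties = [pscustomobject]@{ sku = @{ tier = 'Premium' };  intrusionDetection = @{ mode = 'Deny' } } }
    [pscustomobject]@{ Name = 'fwpol-prem-alert'; Properties = [pscustomobject]@{ sku = @{ tier = 'Premium' };  intrusionDetection = @{ mode = 'Alert' } } }
    [pscustomobject]@{ Name = 'fwpol-prem-unset'; Properties = [pscustomobject]@{ sku = @{ tier = 'Premium' } } }
    [pscustomobject]@{ Name = 'fwpol-standard';   Properties = [pscustomobject]@{ sku = @{ tier = 'Standard' }; intrusionDetection = @{ mode = 'Deny' } } }
    [pscustomobject]@{ Name = 'fwpol-no-sku';     Properties = [pscustomobject]@{ threatIntelMode = 'Alert' } }
)

$assessments = Get-IdpsAssessment -Policies $samplePolicies
$assessments | Format-Table -AutoSize
"Overall: $(Get-OverallResult -Assessments $assessments)"
```

With the sample input, `fwpol-prem-deny` is Passed, `fwpol-prem-alert` and `fwpol-prem-unset` are Failed, the Standard policy and the policy without a `sku` block are NotApplicable, and the overall result is Failed. A Premium policy in `Alert` mode only logs signature hits, so it is reported as a failure on purpose: the test's intent is that malicious traffic is blocked, not merely observed.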
```powershell
}

# Skip if SKU tier is not Premium
if ($policyResource.Properties.sku.tier -ne 'Premium') {
```
There's a potential null reference issue here. While line 158 checks if Properties exists, it doesn't check if the sku property exists before accessing sku.tier. If a firewall policy's sku property is null or missing, this line will throw an error. Consider adding a null check, such as: if ($policyResource.Properties.sku -and $policyResource.Properties.sku.tier -ne 'Premium')
Suggested change:

```diff
-if ($policyResource.Properties.sku.tier -ne 'Premium') {
+if (-not $policyResource.Properties.sku -or $policyResource.Properties.sku.tier -ne 'Premium') {
```
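Review bot: the comment text and the suggested line disagree on what happens when `sku` is missing. The prose proposes `if ($policyResource.Properties.sku -and $policyResource.Properties.sku.tier -ne 'Premium')`, under which a policy with no `sku` block falls through and is assessed; the suggestion uses `-not $policyResource.Properties.sku -or ...`, under which such a policy is skipped. Skipping is the behaviour consistent with the "Skip if SKU tier is not Premium" comment above the line, so the suggested line is the one to take; the prose alternative should not be applied alongside it. Worth noting too that in PowerShell's default (non-strict) mode `$null.tier` evaluates to `$null` rather than throwing, so the guard's practical effect is to make the skip explicit, not to avoid an exception.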
fix typo Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
removing step 3 Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…n-Azure-Firewall-2' of https://github.com/microsoft/zerotrustassessment into Network-25339-IDPS-Inspection-is-Enabled-in-Deny-Mode-on-Azure-Firewall-2
* added helper function
* updated query
* resolved Copilot comments
* updated the code
* draft - 35039
* add 35039
* remove redundant title
* remove array wrapper
* Fix links in Test-Assessment.35039.md. Updated links in Test-Assessment.35039.md for accuracy.
* added NotApplicable reason
* Update message for 'NotApplicable' case in Get-ZtSkippedReason

Co-authored-by: Aleksandar Nikolić <alexandair@live.com>
Bumps [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) from 1.24.0 to 1.26.0. - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.24.0...v1.26.0) --- updated-dependencies: - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fix typo Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
removing step 3 Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
closing the branch, messed up during rebasing.
Task ID - https://github.com/microsoft/ztspecs/issues/46