Network - 25539 IDPS Inspection is Enabled in Deny Mode on Azure Firewall#833
komalp2025 wants to merge 17 commits into main from
Conversation
merill left a comment
We need a Passed or Failed (or Skipped if not connected or error occurs). See what Sandeep is doing for a similar test.
Hi @merill, I have updated the code accordingly and added skip logic before return. Also, for policies with a non-Premium tier, we need to silently continue, as in one subscription there can be Premium / non-Premium policies.
Pull request overview
This PR adds a new test (25539) to validate that Azure Firewall Premium policies have Intrusion Detection and Prevention System (IDPS) enabled in "Deny" mode, ensuring that malicious traffic patterns are actively blocked.
Changes:
- Adds PowerShell test to check IDPS configuration across Azure Firewall Premium policies
- Includes markdown documentation explaining IDPS requirements and remediation steps
- Implements subscription-wide scanning with proper error handling for access denied scenarios
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| src/powershell/tests/Test-Assessment.25539.ps1 | Implements the test logic to enumerate Azure subscriptions, retrieve firewall policies, and validate IDPS settings |
| src/powershell/tests/Test-Assessment.25539.md | Provides documentation about IDPS functionality, test criteria, and remediation guidance |
| } | ||
|
|
||
| # Skip if SKU tier is not Premium | ||
| if ($policyResource.Properties.sku.tier -ne 'Premium') { |
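Review bot: the Premium-tier guard dereferences `$policyResource.Properties.sku.tier` without first confirming that `sku` exists, so a policy resource with no `sku` block does not reach the skip path cleanly: depending on whether `Set-StrictMode` is in effect, the property access either throws or silently evaluates `$null -ne 'Premium'` and folds the malformed resource into the non-Premium skip. Guard the tier lookup explicitly, e.g. `if (-not $policyResource.Properties.sku -or $policyResource.Properties.sku.tier -ne 'Premium') { continue }`, and consider counting resources that carry no `sku` separately, so that a Skipped verdict is never produced by unreadable data rather than by a genuine absence of Premium policies.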
There's a potential null reference issue here. While line 158 checks if Properties exists, it doesn't check if the sku property exists before accessing sku.tier. If a firewall policy's sku property is null or missing, this line will throw an error. Consider adding a null check, such as: if ($policyResource.Properties.sku -and $policyResource.Properties.sku.tier -ne 'Premium')
| if ($policyResource.Properties.sku.tier -ne 'Premium') { | |
| if (-not $policyResource.Properties.sku -or $policyResource.Properties.sku.tier -ne 'Premium') { |
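The two review points above (a Passed/Failed/Skipped verdict, and a tier check that survives a missing `sku` block) can be exercised offline. The following is an added example written for this page, not the PR's `Test-Assessment.25539.ps1` or any other file in the repository. It assumes the ARM shape of `Microsoft.Network/firewallPolicies` as returned by `Get-AzResource -ExpandProperties`, namely `properties.sku.tier` and `properties.intrusionDetection.mode` with values `Off`, `Alert` or `Deny`; the policy objects in `$samplePolicies` are constructed stand-ins, not data from a real tenant, and `Test-IdpsDenyMode` and `Get-NestedValue` are names chosen here.

```powershell
# Added example (not the PR's test script). Null-safe walk of a property path that
# works for both PSCustomObject and hashtable nodes and never throws under strict mode.
function Get-NestedValue {
    param([object] $Object, [string[]] $Path)
    $cur = $Object
    foreach ($name in $Path) {
        if ($null -eq $cur) { return $null }
        if ($cur -is [System.Collections.IDictionary]) {
            if (-not $cur.Contains($name)) { return $null }
            $cur = $cur[$name]
        } else {
            $prop = $cur.PSObject.Properties[$name]   # $null when the property is absent
            if ($null -eq $prop) { return $null }
            $cur = $prop.Value
        }
    }
    return $cur
}

# Classify firewall policies by IDPS mode and return the Passed/Failed/Skipped verdict.
# Assumed ARM shape: Properties.sku.tier and Properties.intrusionDetection.mode.
function Test-IdpsDenyMode {
    param(
        [object[]] $Policies = @(),
        # Set when enumeration itself failed (not connected, access denied): report Skipped.
        [switch] $CollectionFailed
    )
    if ($CollectionFailed) {
        return [pscustomobject]@{ Result = 'Skipped'; Reason = 'Could not enumerate firewall policies'; Failing = @(); Evaluated = 0; NoSku = 0 }
    }

    $failing   = [System.Collections.Generic.List[string]]::new()
    $evaluated = 0
    $noSku     = 0   # malformed resources, counted apart from genuine non-Premium policies

    foreach ($p in $Policies) {
        $tier = Get-NestedValue -Object $p -Path @('Properties', 'sku', 'tier')
        if ($null -eq $tier) { $noSku++; continue }
        if ($tier -ne 'Premium') { continue }          # IDPS is a Premium-only feature
        $evaluated++
        $mode = Get-NestedValue -Object $p -Path @('Properties', 'intrusionDetection', 'mode')
        if ($null -eq $mode) { $mode = 'Off' }          # no IDPS block at all means it is not enabled
        if ($mode -ne 'Deny') { $failing.Add("$($p.Name) (mode=$mode)") }
    }

    if ($evaluated -eq 0) {
        return [pscustomobject]@{ Result = 'Skipped'; Reason = 'No Premium-tier firewall policies found'; Failing = @(); Evaluated = 0; NoSku = $noSku }
    }
    $result = if ($failing.Count -eq 0) { 'Passed' } else { 'Failed' }
    [pscustomobject]@{ Result = $result; Reason = $null; Failing = $failing.ToArray(); Evaluated = $evaluated; NoSku = $noSku }
}

# Constructed sample policies standing in for Get-AzResource output (not real tenant data).
$samplePolicies = @(
    [pscustomobject]@{ Name = 'fwp-prem-deny';  Properties = [pscustomobject]@{ sku = @{ tier = 'Premium' };  intrusionDetection = @{ mode = 'Deny' } } }
    [pscustomobject]@{ Name = 'fwp-prem-alert'; Properties = [pscustomobject]@{ sku = @{ tier = 'Premium' };  intrusionDetection = @{ mode = 'Alert' } } }
    [pscustomobject]@{ Name = 'fwp-prem-none';  Properties = [pscustomobject]@{ sku = @{ tier = 'Premium' } } }   # IDPS block absent
    [pscustomobject]@{ Name = 'fwp-standard';   Properties = [pscustomobject]@{ sku = @{ tier = 'Standard' }; intrusionDetection = @{ mode = 'Deny' } } }
    [pscustomobject]@{ Name = 'fwp-nosku';      Properties = [pscustomobject]@{ } }                                # malformed: no sku block
)

Set-StrictMode -Version Latest   # the null-safe lookup must hold even here
$verdict = Test-IdpsDenyMode -Policies $samplePolicies
$verdict | Format-List
# Result=Failed, Evaluated=3, NoSku=1, Failing = fwp-prem-alert (mode=Alert), fwp-prem-none (mode=Off)

(Test-IdpsDenyMode -Policies @() -CollectionFailed).Result   # Skipped
(Test-IdpsDenyMode -Policies @($samplePolicies[3])).Result   # Skipped: no Premium policies
```

In a real run `$samplePolicies` would come from `Get-AzResource -ResourceType 'Microsoft.Network/firewallPolicies' -ExpandProperties` inside a `try`/`catch` per subscription, with an authorization failure mapped to `-CollectionFailed`. Keeping the verdict logic pure over a list of objects is what makes the Passed/Failed/Skipped branches testable without a tenant, and counting `NoSku` separately keeps a malformed resource from being mistaken for a non-Premium one.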
fix typo Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
removing step 3 Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…n-Azure-Firewall-2' of https://github.com/microsoft/zerotrustassessment into Network-25339-IDPS-Inspection-is-Enabled-in-Deny-Mode-on-Azure-Firewall-2
Task ID - https://github.com/microsoft/ztspecs/issues/46