last sync: 2024-Sep-19 17:51:32 UTC

Storage accounts should prevent cross tenant object replication

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Storage accounts should prevent cross tenant object replication
Id: 92a89a79-6c52-4a7e-a03f-61306fc49312
Version: 1.0.0 (versions supported: 1)
Category: Storage
Description: Audit restriction of object replication for your storage account. By default, users can configure object replication with a source storage account in one Azure AD tenant and a destination account in a different tenant. This is a security concern because a customer's data can be replicated to a storage account that is not owned by the customer. Setting allowCrossTenantReplication to false ensures that object replication can be configured only if both the source and destination accounts are in the same Azure AD tenant.
Mode: Indexed
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default = Audit; Allowed = Audit, Deny, Disabled
RBAC role(s): none
Rule aliases IF (1):

| Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable |
|---|---|---|---|---|---|---|
| Microsoft.Storage/storageAccounts/allowCrossTenantReplication | Microsoft.Storage | storageAccounts | properties.allowCrossTenantReplication | True | | True |
Rule resource types IF (1): Microsoft.Storage/storageAccounts

Compliance: Not a Compliance control
Initiatives usage:

| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
|---|---|---|---|---|
| Enforce recommended guardrails for Storage Account | Enforce-Guardrails-Storage | Storage | GA | ALZ |
History:

| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2021-09-27 15:52:17 | add | 92a89a79-6c52-4a7e-a03f-61306fc49312 |
JSON: api-version=2021-06-01