AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

Storage Accounts should use a container delete retention policy

Source

Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-Storage-ContainerDeleteRetentionPolicy

Display name

Storage Accounts should use a container delete retention policy

Deny-Storage-ContainerDeleteRetentionPolicy

Version

Category

Storage

Description

Enforce container delete retention policies larger than seven days for storage account. Enable this for increased data loss protection.

Mode

All

Type

Custom Azure Landing Zones (ALZ)

Preview

False

Deprecated

False

Effect

Default
Deny
Allowed
Audit, Deny, Disabled

RBAC role(s)

none

Rule aliases

IF (2)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.days	Microsoft.Storage	storageAccounts/blobServices	properties.containerDeleteRetentionPolicy.days	True		True
Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled	Microsoft.Storage	storageAccounts/blobServices	properties.containerDeleteRetentionPolicy.enabled	True		True

Rule resource types

IF (1)
Microsoft.Storage/storageAccounts/blobServices

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State
Enforce recommended guardrails for Storage Account	Enforce-Guardrails-Storage	Storage	GA

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-06-03 17:39:43	add	Deny-Storage-ContainerDeleteRetentionPolicy

JSON compare

n/a

JSON

EPAC