/
AzBackupRecoveryServicesVault_SoftDelete_Audit.json
81 lines (81 loc) · 2.6 KB
/
AzBackupRecoveryServicesVault_SoftDelete_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
{
"properties": {
"displayName": "[Preview]: Soft delete must be enabled for Recovery Services Vaults.",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "This policy audits if soft delete is enabled for Recovery Services Vaults in the scope. Soft delete can help you recover your data even after it has been deleted. Learn more at https://aka.ms/AB-SoftDelete.",
"metadata": {
"version": "1.0.0-preview",
"preview": true,
"category": "Backup"
},
"version": "1.0.0-preview",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy."
},
"allowedValues": [
"Audit",
"Disabled"
],
"defaultValue": "Audit"
},
"checkAlwaysOnSoftDeleteOnly": {
"type": "Boolean",
"metadata": {
"displayName": "CheckAlwaysOnSoftDeleteOnly",
"description": "This parameter checks if Soft Delete status is 'Locked', making it irreversible for Recovery Services Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete status 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete status either 'On' or 'AlwaysOn' as compliant."
},
"allowedValues": [
true,
false
],
"defaultValue": true
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.RecoveryServices/Vaults"
},
{
"anyOf": [
{
"field": "Microsoft.RecoveryServices/vaults/securitySettings.softDeleteSettings.softDeleteState",
"notIn": [
"Enabled",
"AlwaysOn"
]
},
{
"allOf": [
{
"value": "[parameters('checkAlwaysOnSoftDeleteOnly')]",
"equals": true
},
{
"field": "Microsoft.RecoveryServices/vaults/securitySettings.softDeleteSettings.softDeleteState",
"notEquals": "AlwaysOn"
}
]
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148",
"name": "31b8092a-36b8-434b-9af7-5ec844364148"
}