-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
DataProtection_BackupVaults_ZoneRedundant_Audit.json
51 lines (51 loc) · 2.01 KB
/
DataProtection_BackupVaults_ZoneRedundant_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
{
"properties": {
"displayName": "[Preview]: Backup Vaults should be Zone Redundant",
"description": "Backup Vaults can be configured to be Zone Redundant or not. Backup Vaults are Zone Redundant if it's storage settings type is set to 'ZoneRedundant' and they are considered to be resilient. Geo Redundant or Locally Redundant Backup Vaults are not considered resilient. Enforcing this policy helps ensure that Backup Vaults are appropriately configured for zone resilience, reducing the risk of downtime during zone outages.",
"policyType": "BuiltIn",
"mode": "Indexed",
"metadata": {
"category": "Resilience",
"version": "1.0.0-preview",
"preview": true
},
"version": "1.0.0-preview",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "This parameter lets you choose the effect of the policy. If you choose Audit (default), the policy will only audit resources for compliance. If you choose Deny, the policy will deny the creation of non-compliant resources. If you choose Disabled, the policy will not enforce compliance (useful, for example, as a second assignment to ignore a subset of non-compliant resources in a single resource group)."
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.DataProtection/BackupVaults"
},
{
"field": "Microsoft.DataProtection/backupVaults/storageSettings[*].type",
"notEquals": "ZoneRedundant"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/4bd1f3c0-9443-49ad-b8bc-7c17a92b5924",
"name": "4bd1f3c0-9443-49ad-b8bc-7c17a92b5924"
}