diff --git a/policyDefinitions/App Configuration/app-configuration-stores-should-should-have-soft-delete-enabled-of-7-days/azurepolicy.json b/policyDefinitions/App Configuration/app-configuration-stores-should-should-have-soft-delete-enabled-of-7-days/azurepolicy.json
new file mode 100644
index 00000000..8a0ac7e1
--- /dev/null
+++ b/policyDefinitions/App Configuration/app-configuration-stores-should-should-have-soft-delete-enabled-of-7-days/azurepolicy.json
@@ -0,0 +1,59 @@
+{
+ "name": "3557ee6d-ff74-49a7-8684-b0c83ce44bed",
+ "type": "Microsoft.Authorization/policyDefinitions",
+ "properties": {
+ "displayName": "App Configuration stores should should have soft delete enabled of 7 days",
+ "description": "Deleting a App Configuration store without soft delete enabled permanently deletes all data it contains",
+ "metadata": {
+ "version": "1.0.0",
+ "category": "App Configuration"
+ },
+ "mode": "All",
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Deny, Audit or Disabled the execution of the Policy"
+ },
+ "allowedValues": [
+ "Deny",
+ "Audit",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.AppConfiguration/configurationStores"
+ },
+ {
+ "not": {
+ "field": "Microsoft.AppConfiguration/configurationStores/createMode",
+ "equals": "recover"
+ }
+ },
+ {
+ "anyOf": [
+ {
+ "field": "Microsoft.AppConfiguration/configurationStores/softDeleteRetentionInDays",
+ "exists": "false"
+ },
+ {
+ "field": "Microsoft.AppConfiguration/configurationStores/softDeleteRetentionInDays",
+ "notequals": 7
+ }
+ ]
+ }
+ ]
+ },
+ "then": {
+ "effect": "[parameters('effect')]"
+ }
+ }
+ }
+}
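Review bot: The `anyOf` at the end of `policyRule.if` flags every store whose `softDeleteRetentionInDays` is missing or not 7, with no condition on the store's pricing tier. As far as I know soft delete is not offered on the Free tier, so with the effect set to `Deny` instead of the default `Audit` this would presumably block creation of every Free-tier store; confirm that is intended and say so in `description`, or add a tier condition to the `allOf`. The same rule is repeated in azurepolicy.rules.json. Separately, `displayName` has a doubled word and `description` says "a App"; suggest `"displayName": "App Configuration stores should have soft delete enabled with 7 days retention"` and "Deleting an App Configuration store ...".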
diff --git a/policyDefinitions/App Configuration/app-configuration-stores-should-should-have-soft-delete-enabled-of-7-days/azurepolicy.parameters.json b/policyDefinitions/App Configuration/app-configuration-stores-should-should-have-soft-delete-enabled-of-7-days/azurepolicy.parameters.json
new file mode 100644
index 00000000..d2c89f94
--- /dev/null
+++ b/policyDefinitions/App Configuration/app-configuration-stores-should-should-have-soft-delete-enabled-of-7-days/azurepolicy.parameters.json
@@ -0,0 +1,15 @@
+{
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Deny, Audit or Disabled the execution of the Policy"
+ },
+ "allowedValues": [
+ "Deny",
+ "Audit",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ }
+}
diff --git a/policyDefinitions/App Configuration/app-configuration-stores-should-should-have-soft-delete-enabled-of-7-days/azurepolicy.rules.json b/policyDefinitions/App Configuration/app-configuration-stores-should-should-have-soft-delete-enabled-of-7-days/azurepolicy.rules.json
new file mode 100644
index 00000000..3fc6357e
--- /dev/null
+++ b/policyDefinitions/App Configuration/app-configuration-stores-should-should-have-soft-delete-enabled-of-7-days/azurepolicy.rules.json
@@ -0,0 +1,31 @@
+{
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.AppConfiguration/configurationStores"
+ },
+ {
+ "not": {
+ "field": "Microsoft.AppConfiguration/configurationStores/createMode",
+ "equals": "recover"
+ }
+ },
+ {
+ "anyOf": [
+ {
+ "field": "Microsoft.AppConfiguration/configurationStores/softDeleteRetentionInDays",
+ "exists": "false"
+ },
+ {
+ "field": "Microsoft.AppConfiguration/configurationStores/softDeleteRetentionInDays",
+ "notequals": 7
+ }
+ ]
+ }
+ ]
+ },
+ "then": {
+ "effect": "[parameters('effect')]"
+ }
+}
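Review bot: The `description` under `effect.metadata` ("Deny, Audit or Disabled the execution of the Policy") does not tell the person assigning the policy what each value does. Suggest `"description": "Deny blocks non-compliant stores, Audit reports them, Disabled turns the policy off"`. This file repeats the `parameters` block of azurepolicy.json verbatim, so the two copies can drift apart unless one is generated from the other, which is not visible in this change.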
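Review bot: The `not` clause on `createMode` exempts any request with `createMode` equal to `recover` from the retention check, and the reason is not recorded anywhere. It looks deliberate, presumably because a recover request restores an existing soft-deleted store rather than setting retention, but JSON has no comments, so the rationale belongs in the definition's `description` in azurepolicy.json, where the same clause appears. The rule also checks only the retention period: as far as I know a soft-deleted store can still be purged during that window unless purge protection is enabled, so a companion check for purge protection is worth considering if the aim is to prevent permanent data loss.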