Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
943 questions
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I am trying to create a policy to enforce both soft-deletion and purge-protection on Azure Key-Vaults. There could be vaults with soft delete either enabled or disabled. Purge-Protection will be disabled. Is it possible to do it in the same template? Something like this
{
"field": "Microsoft.KeyVault/vaults/enableSoftDelete",
"equals": "true"
},
OR (How to do this?)
{
"field": "Microsoft.KeyVault/vaults/enableSoftDelete",
"exists": "false"
},
{
"field": "Microsoft.KeyVault/vaults/enablePurgeProtection",
"exists": "false"
}
You need to use the "AnyOf" operator:
{
"anyOf": [
{
"field": "Microsoft.KeyVault/vaults/enableSoftDelete",
"equals": "true"
},
{
"field": "Microsoft.KeyVault/vaults/enableSoftDelete",
"exists": "false"
}
]
}