Two conditions in ARM Template to create a policy

Abhishek Rai 21 Reputation points
2022-12-15T06:37:22.19+00:00

I am trying to create a policy to enforce both soft-deletion and purge-protection on Azure Key-Vaults. There could be vaults with soft delete either enabled or disabled. Purge-Protection will be disabled. Is it possible to do it in the same template? Something like this

{  
  "field": "Microsoft.KeyVault/vaults/enableSoftDelete",  
  "equals": "true"  
},  
OR (How to do this?)  
{  
  "field": "Microsoft.KeyVault/vaults/enableSoftDelete",  
  "exists": "false"  
},  
{  
  "field": "Microsoft.KeyVault/vaults/enablePurgeProtection",  
  "exists": "false"  
}  
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
943 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sam Cogan 10,767 Reputation points MVP
    2022-12-15T09:02:46.933+00:00

    You need to use the "AnyOf" operator:

    {  
      "anyOf": [  
        {  
          "field": "Microsoft.KeyVault/vaults/enableSoftDelete",  
          "equals": "true"  
        },  
      
        {  
          "field": "Microsoft.KeyVault/vaults/enableSoftDelete",  
          "exists": "false"  
        }  
      ]  
    }  
    
    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.