@G. Garber - Welcome to Microsoft Q&A and thanks for reaching out to us.
Yes, you can create an Azure Policy to audit whether the soft delete option is enabled for Recovery Services Vaults. Here are the steps to create the policy:
- In the Azure portal, go to the "Policy" service.
- Click on "Definitions" in the left-hand menu.
- Click on "Add" to create a new policy definition.
- Enter a name and description for the policy definition.
- Under "Policy rule", click on "Edit".
- Enter the following JSON code to define the policy rule:
{
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.RecoveryServices/vaults"
},
{
"not": {
"field": "properties.softDeleteFeatureState",
"equals": "Enabled"
}
}
]
},
"then": {
"effect": "audit"
}
}
You can assign this policy to a scope, such as a management group or subscription, to enforce the policy across your Azure environment.
Hope this helps. and please feel free to reach out if you have any further questions.
If the above response was helpful, please feel free to "Accept as Answer" and click "Yes" so it can be beneficial to the community.