AzPolicyAdvertizer

last sync: 2025-Jul-01 17:24:08 UTC

Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location

09ce66bc-1220-4153-8104-e3f51c936913

Version

9.4.0
Details on versioning

Versioning

Versions supported for Versioning: 4
9.4.0
9.3.0
9.2.0
9.1.0
Built-in Versioning [Preview]

Category

Backup
Microsoft Learn

Description

Enforce backup for all virtual machines by backing them up to an existing central recovery services vault in the same location and subscription as the virtual machine. Doing this is useful when there is a central team in your organization managing backups for all resources in a subscription. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMCentralBackupExcludeTag.

Cloud environments

AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown

Available in AzUSGov

Unknown, no evidence if Policy definition is/not available in AzureUSGovernment

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
DeployIfNotExists
Allowed
auditIfNotExists, AuditIfNotExists, deployIfNotExists, DeployIfNotExists, disabled, Disabled

RBAC role(s)

Role Name	Role Id
Virtual Machine Contributor	9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Backup Contributor	5e467623-bb1f-42f4-a55d-6e525e11384b

Rule aliases

IF (3)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	True True True	False False False

Rule resource types

IF (1)

Microsoft.Compute/virtualMachines

THEN-Deployment (3)

Microsoft.Compute/virtualMachines
Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems
Microsoft.Resources/deployments

Compliance

The following 8 compliance controls are associated with this Policy definition 'Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location' (09ce66bc-1220-4153-8104-e3f51c936913)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
DORA_2022_2554	9.3b	DORA_2022_2554_9.3b	DORA 2022 2554 9.3b	9	Minimize Risks of Data Corruption and Loss in ICT Processes	Shared	n/a	Implement information and communication technology (ICT) processes that minimize the risk of data corruption or loss, unauthorized access, and technical flaws that may disrupt business activities.		36
K_ISMS_P_2018	2.10.1	K_ISMS_P_2018_2.10.1	K ISMS P 2018 2.10.1	2.10	Establish Procedures for Managing the Security of System Operations	Shared	n/a	Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions.		455
K_ISMS_P_2018	2.10.2	K_ISMS_P_2018_2.10.2	K ISMS P 2018 2.10.2	2.10	Establish Protective Measures for Administrator Privileges and Security Configurations	Shared	n/a	Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations.		431
K_ISMS_P_2018	2.9.3	K_ISMS_P_2018_2.9.3	K ISMS P 2018 2.9.3	2.9	Establish Backup Recovery Procedures for Information Systems and Ensure Timely Recovery	Shared	n/a	Establish and implement backup recovery procedures for the information system such as backup targets, backup cycles, backup methods, storage places, storage periods, and vaulting. Ensure timely recovery of information systems following an incident.		11
	mp.info.6 Backups	mp.info.6 Backups	404 not found				n/a	n/a		65
	op.cont.4 Alternative means	op.cont.4 Alternative means	404 not found				n/a	n/a		95
	op.exp.3 Security configuration management	op.exp.3 Security configuration management	404 not found				n/a	n/a		123
RMiT_v1.0	11.4	RMiT_v1.0_11.4	RMiT 11.4	Cyber Risk Management	Cyber Risk Management - 11.4	Shared	n/a	A large financial institution is required to' (a) implement a centralised automated tracking system to manage its technology asset inventory; and (b) establish a dedicated in-house cyber risk management function to manage cyber risks or emerging cyber threats. The cyber risk management function shall be responsible for the following: (i) perform detailed analysis on cyber threats, provide risk assessments on potential cyber-attacks and ensure timely review and escalation of all high-risk cyber threats to senior management and the board; and (ii) proactively identify potential vulnerabilities including those arising from infrastructure hosted with third party service providers through the simulation of sophisticated 'Red Team' attacks on its current security controls.	link	3

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
DORA 2022 2554	f9c0485f-da8e-43b5-961e-58ebd54b907c	Regulatory Compliance	GA	BuiltIn	unknown
K ISMS P 2018	e0782c37-30da-4a78-9f92-50bfe7aa2553	Regulatory Compliance	GA	BuiltIn	unknown
RMIT Malaysia	97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6	Regulatory Compliance	GA	BuiltIn	unknown
Spain ENS	175daf90-21e1-4fec-b745-7b4c909aa94c	Regulatory Compliance	GA	BuiltIn	unknown

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-10-25 17:51:35	change	Minor (9.3.0 > 9.4.0)
2024-05-13 17:44:58	change	Minor (9.2.0 > 9.3.0)
2024-02-20 22:44:08	change	Minor (9.1.0 > 9.2.0)
2023-01-13 18:06:06	change	Minor (9.0.0 > 9.1.0)
2022-06-24 19:15:47	change	Major (8.0.0 > 9.0.0)
2022-04-29 18:06:01	change	Major (7.1.0 > 8.0.0)
2022-04-08 16:22:13	change	Major (6.1.0 > 7.1.0)
2022-04-01 20:29:14	change	Minor (6.0.0 > 6.1.0)
2022-02-11 18:30:22	change	Major (5.0.0 > 6.0.0)
2021-12-06 22:17:57	change	Major (4.0.0 > 5.0.0)
2021-11-12 16:23:07	change	Major (3.0.0 > 4.0.0)
2021-04-27 15:38:15	change	Major (2.0.0 > 3.0.0)
2021-04-07 13:27:17	change	Major (1.1.0 > 2.0.0)
2020-11-10 16:00:42	change	Minor (1.0.0 > 1.1.0)
2019-11-19 11:26:09	change	Previous DisplayName: Deploy prerequisites to backup VMs of a location to an existing central Vault in the same location

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC