Enforce backup for all virtual machines by backing them up to an existing central recovery services vault in the same location and subscription as the virtual machine. Doing this is useful when there is a central team in your organization managing backups for all resources in a subscription. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMCentralBackupExcludeTag.
IF (1) Microsoft.Compute/virtualMachines THEN-Deployment (3) Microsoft.Compute/virtualMachines Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems Microsoft.Resources/deployments
The following 1 compliance controls are associated with this Policy definition 'Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location' (09ce66bc-1220-4153-8104-e3f51c936913)
A large financial institution is required to'
(a) implement a centralised automated tracking system to manage its technology asset inventory; and
(b) establish a dedicated in-house cyber risk management function to manage cyber risks or emerging cyber threats. The cyber risk management function shall be responsible for the following:
(i) perform detailed analysis on cyber threats, provide risk assessments on potential cyber-attacks and ensure timely review and escalation of all high-risk cyber threats to senior management and the board; and
(ii) proactively identify potential vulnerabilities including those arising from infrastructure hosted with third party service providers through the simulation of sophisticated 'Red Team' attacks on its current security controls.