last sync: 2025-May-12 17:30:45 UTC

Enable soft-delete and purge protection on Key Vaults

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Display name Enable soft-delete and purge protection on Key Vaults
Id 29162fc6-7a8f-4cd4-98d8-99ac1bffa6e5
Version 2.0.0
Category Key Vault
Description This Policy will enable soft-delete and purge protection on all Key Vaults.
Mode All
Type Custom Community
Effect
Default: Modify
Allowed: Modify, Deny, Audit, Disabled
RBAC role(s)
Role Name Role Id
Key Vault Contributor f25e0fa2-a7c8-4377-a976-54943a77a395
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.KeyVault/vaults/enablePurgeProtection Microsoft.KeyVault vaults properties.enablePurgeProtection True True
Microsoft.KeyVault/vaults/enableSoftDelete Microsoft.KeyVault vaults properties.enableSoftDelete True True
THEN-Operations (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.KeyVault/vaults/enablePurgeProtection Microsoft.KeyVault vaults properties.enablePurgeProtection True True
Microsoft.KeyVault/vaults/enableSoftDelete Microsoft.KeyVault vaults properties.enableSoftDelete True True
Rule resource types IF (1)
Microsoft.KeyVault/vaults