last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

Storage accounts should be limited by allowed SKUs

Name Storage accounts should be limited by allowed SKUs
Azure Portal
Id 7433c107-6db4-4ad1-b57a-a76dce0154a1
Version 1.1.0
details on versioning
Category Storage
Microsoft docs
Description Restrict the set of storage account SKUs that your organization can deploy.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Deny
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-09 14:37:41 change Minor (1.0.0 > 1.1.0)
Used in Initiatives none
JSON Changes

JSON
{
  "properties": {
    "displayName": "Storage accounts should be limited by allowed SKUs",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Restrict the set of storage account SKUs that your organization can deploy.",
    "metadata": {
      "version": "1.1.0",
      "category": "Storage"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the audit policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Deny"
      },
      "listOfAllowedSKUs": {
        "type": "Array",
        "metadata": {
          "description": "The list of SKUs that can be specified for storage accounts.",
          "displayName": "Allowed SKUs",
          "strongType": "StorageSKUs"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "not": {
              "field": "Microsoft.Storage/storageAccounts/sku.name",
            "in": "[parameters('listOfAllowedSKUs')]"
            }
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1"
}