Microsoft implements this Data Minimization and Retention control
Name/Id: ACF1830 / Microsoft Managed Control 1830 Category: Data Minimization and Retention Title: Minimization of Personally Identifiable Information - Use Minimum PII Necessary Ownership: Customer, Microsoft Description: Identifies the minimum personally identifiable information (PII) elements that are relevant and necessary to accomplish the legally authorized purpose of collection; Requirements: Azure only collects Personally Identifiable Information (PII) for billing and security purposes. Azure uses only customer data for internal billing of MS Azure accounts. Azure identifies the minimum PII elements that are relevant and necessary to accomplish the legally authorized purpose of collection.
Rule resource types
IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups