AzPolicyAdvertizer

last sync: 2025-Jul-11 17:24:21 UTC

Storage accounts should prevent cross tenant object replication

Azure BuiltIn Policy definition

Source Azure Portal
Display name Storage accounts should prevent cross tenant object replication
Id 92a89a79-6c52-4a7e-a03f-61306fc49312
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Storage
Microsoft Learn
Description Audit restriction of object replication for your storage account. By default, users can configure object replication with a source storage account in one Azure AD tenant and a destination account in a different tenant. It is a security concern because customer's data can be replicated to a storage account that is owned by the customer. By setting allowCrossTenantReplication to false, objects replication can be configured only if both source and destination accounts are in the same Azure AD tenant.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/allowCrossTenantReplication Microsoft.Storage storageAccounts properties.allowCrossTenantReplication True True
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
Enforce recommended guardrails for Storage Account Enforce-Guardrails-Storage Storage GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-09-27 15:52:17 add 92a89a79-6c52-4a7e-a03f-61306fc49312
JSON compare n/a
JSON
api-version=2021-06-01
EPAC