last sync: 2022-Jun-28 16:32:57 UTC

Azure Policy definition

Storage accounts should prevent cross tenant object replication

Name Storage accounts should prevent cross tenant object replication
Azure Portal
Id 92a89a79-6c52-4a7e-a03f-61306fc49312
Version 1.0.0
details on versioning
Category Storage
Microsoft docs
Description Audit restriction of object replication for your storage account. By default, users can configure object replication with a source storage account in one Azure AD tenant and a destination account in a different tenant. It is a security concern because customer's data can be replicated to a storage account that is owned by the customer. By setting allowCrossTenantReplication to false, objects replication can be configured only if both source and destination accounts are in the same Azure AD tenant.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
Rule Aliases IF (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Storage/storageAccounts/allowCrossTenantReplication Microsoft.Storage storageAccounts properties.allowCrossTenantReplication true
Rule ResourceTypes IF (1)
Date/Time (UTC ymd) (i) Change type Change detail
2021-09-27 15:52:17 add 92a89a79-6c52-4a7e-a03f-61306fc49312
Used in Initiatives none