last sync: 2022-Nov-25 17:41:58 UTC

Azure Policy definition

Storage accounts should prevent cross tenant object replication

Name Storage accounts should prevent cross tenant object replication
Id 92a89a79-6c52-4a7e-a03f-61306fc49312
Version 1.0.0
Category Storage
Description Audit restriction of object replication for your storage account. By default, users can configure object replication with a source storage account in one Azure AD tenant and a destination account in a different tenant. It is a security concern because a customer's data can be replicated to a storage account that is owned by the customer. By setting allowCrossTenantReplication to false, object replication can be configured only if both source and destination accounts are in the same Azure AD tenant.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Default effect Audit
Allowed effects Audit, Deny, Disabled
RBAC role(s) none
Rule aliases, IF (1)
Alias | Namespace | ResourceType | DefaultPath | Modifiable
Microsoft.Storage/storageAccounts/allowCrossTenantReplication | Microsoft.Storage | storageAccounts | properties.allowCrossTenantReplication | true
Rule resource types, IF (1)
Microsoft.Storage/storageAccounts
Compliance Not a Compliance control
History
Date/Time (UTC ymd) | Change type | Change detail
2021-09-27 15:52:17 | add | 92a89a79-6c52-4a7e-a03f-61306fc49312
Initiatives usage none