AzPolicyAdvertizer

last sync: 2022-Nov-25 17:41:58 UTC

Azure Policy definition

Storage accounts should prevent cross tenant object replication

Name

Storage accounts should prevent cross tenant object replication
Azure Portal

92a89a79-6c52-4a7e-a03f-61306fc49312

Version

1.0.0
details on versioning

Category

Storage
Microsoft docs

Description

Audit restriction of object replication for your storage account. By default, users can configure object replication with a source storage account in one Azure AD tenant and a destination account in a different tenant. It is a security concern because customer's data can be replicated to a storage account that is owned by the customer. By setting allowCrossTenantReplication to false, objects replication can be configured only if both source and destination accounts are in the same Azure AD tenant.

Mode

Indexed

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Default
Audit
Allowed
Audit, Deny, Disabled

RBAC
Role(s)

none

Rule
Aliases

IF (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Storage/storageAccounts/allowCrossTenantReplication	Microsoft.Storage	storageAccounts	properties.allowCrossTenantReplication	true

Rule
ResourceTypes

IF (1)
Microsoft.Storage/storageAccounts

Compliance

Not a Compliance control

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-09-27 15:52:17	add	92a89a79-6c52-4a7e-a03f-61306fc49312

Initiatives
usage

none

JSON