AzPolicyAdvertizer

last sync: 2021-Mar-08 14:55:27 UTC

Azure Policy definition

[Preview]: Configure backup on VMs without a given tag to a new recovery services vault with a default policy

Name [Preview]: Configure backup on VMs without a given tag to a new recovery services vault with a default policy
Azure Portal
Id 98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86
Version 1.0.0-preview
details on versioning
Category Backup
Microsoft docs
Description Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag
Mode Indexed
Type BuiltIn
Preview True
Deprecated FALSE
Effect Fixed: deployIfNotExists
Used RBAC Role
Role Name Role Id
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Backup Contributor 5e467623-bb1f-42f4-a55d-6e525e11384b
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-11-10 16:00:42 add 98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86
Used in Initiatives none
Json 
{
  "properties": {
  "displayName": "[Preview]: Configure backup on VMs without a given tag to a new recovery services vault with a default policy",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag",
    "metadata": {
      "version": "1.0.0-preview",
      "preview": true,
      "category": "Backup"
    },
    "parameters": {
      "exclusionTagName": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Exclusion Tag Name",
          "description": "Name of the tag to use for excluding VMs from the scope of this policy. This should be used along with the Exclusion Tag Value parameter. Learn more at https://aka.ms/AppCentricVMBackupPolicy"
        },
        "defaultValue": ""
      },
      "exclusionTagValue": {
        "type": "Array",
        "metadata": {
        "displayName": "[Preview]: Exclusion Tag Values",
          "description": "Value of the tag to use for excluding VMs from the scope of this policy (in case of multiple values, use a comma-separated list). This should be used along with the Exclusion Tag Name parameter. Learn more at https://aka.ms/AppCentricVMBackupPolicy"
        },
        "defaultValue": [
          
        ]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "not": {
            "field": "[concat('tags[', parameters('exclusionTagName'), ']')]",
            "in": "[parameters('exclusionTagValue')]"
            }
          },
          {
            "anyOf": [
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftWindowsServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "WindowsServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "in": [
                      "2008-R2-SP1",
                      "2008-R2-SP1-smalldisk",
                      "2012-Datacenter",
                      "2012-Datacenter-smalldisk",
                      "2012-R2-Datacenter",
                      "2012-R2-Datacenter-smalldisk",
                      "2016-Datacenter",
                      "2016-Datacenter-Server-Core",
                      "2016-Datacenter-Server-Core-smalldisk",
                      "2016-Datacenter-smalldisk",
                      "2016-Datacenter-with-Containers",
                      "2016-Datacenter-with-RDSH",
                      "2019-Datacenter",
                      "2019-Datacenter-Core",
                      "2019-Datacenter-Core-smalldisk",
                      "2019-Datacenter-Core-with-Containers",
                      "2019-Datacenter-Core-with-Containers-smalldisk",
                      "2019-Datacenter-smalldisk",
                      "2019-Datacenter-with-Containers",
                      "2019-Datacenter-with-Containers-smalldisk",
                      "2019-Datacenter-zhcn"
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftWindowsServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "WindowsServerSemiAnnual"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "in": [
                      "Datacenter-Core-1709-smalldisk",
                      "Datacenter-Core-1709-with-Containers-smalldisk",
                      "Datacenter-Core-1803-with-Containers-smalldisk"
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftWindowsServerHPCPack"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "WindowsServerHPCPack"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftSQLServer"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "*-WS2019"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "*-WS2016"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "*-WS2016-BYOL"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "*-WS2012R2"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "*-WS2012R2-BYOL"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftRServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "MLServer-WS2016"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftVisualStudio"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "VisualStudio",
                      "Windows"
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftDynamicsAX"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "Dynamics"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "equals": "Pre-Req-AX7-Onebox-U8"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "microsoft-ads"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "windows-data-science-vm"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftWindowsDesktop"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "Windows-10"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "RedHat"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "RHEL",
                      "RHEL-SAP-HANA"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "SUSE"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "SLES",
                      "SLES-HPC",
                      "SLES-HPC-Priority",
                      "SLES-SAP",
                      "SLES-SAP-BYOS",
                      "SLES-Priority",
                      "SLES-BYOS",
                      "SLES-SAPCAL",
                      "SLES-Standard"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "12*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Canonical"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "UbuntuServer"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "14.04*LTS"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "16.04*LTS"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "18.04*LTS"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Oracle"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "Oracle-Linux"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "7.*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "OpenLogic"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "CentOS",
                      "Centos-LVM",
                      "CentOS-SRIOV"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "cloudera"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "cloudera-centos-os"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "like": "7*"
                  }
                ]
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.RecoveryServices/backupprotecteditems",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
            "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "vmName": {
                    "type": "string",
                    "metadata": {
                      "description": "Name of Azure Virtual Machines"
                    }
                  },
                  "vmRgName": {
                    "type": "string",
                    "metadata": {
                      "description": "Resource group containing the virtual machines."
                    }
                  },
                  "location": {
                    "type": "string",
                    "metadata": {
                      "description": "Location for VM and Backup vault"
                    }
                  }
                },
                "variables": {
                  "backupFabric": "Azure",
                  "backupPolicy": "DefaultPolicy",
                  "v2VmType": "Microsoft.Compute/virtualMachines",
                  "v2VmContainer": "iaasvmcontainer;iaasvmcontainerv2;",
                  "v2Vm": "vm;iaasvmcontainerv2;",
                "vaultName": "[take(concat('RSVault-', parameters('location'), '-', guid(resourceGroup().id)),50)]"
                },
                "resources": [
                  {
                  "name": "[variables('vaultName')]",
                    "type": "Microsoft.RecoveryServices/vaults",
                    "apiVersion": "2016-06-01",
                  "location": "[parameters('location')]",
                    "properties": {
                      
                    },
                    "sku": {
                      "name": "Standard"
                    }
                  },
                  {
                  "name": "[concat(variables('vaultName'), '/', variables('backupFabric'), '/', variables('v2VmContainer'), concat(parameters('vmRgName'),';',parameters('vmName')), '/', variables('v2Vm'), concat(parameters('vmRgName'),';',parameters('vmName')))]",
                    "apiVersion": "2016-12-01",
                  "location": "[parameters('location')]",
                    "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems",
                    "dependsOn": [
                    "[resourceId('Microsoft.RecoveryServices/vaults/', variables('vaultName'))]"
                    ],
                    "properties": {
                    "protectedItemType": "[variables('v2VmType')]",
                    "policyId": "[resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', variables('vaultName'),variables('backupPolicy'))]",
                    "sourceResourceId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('vmRgName'), '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
                    }
                  }
                ],
                "outputs": {
                  "status": {
                    "type": "string",
                  "value": "[concat('Backup enabled successfully for VM:', ' ', parameters('vmName'), 'Backup Vault: ', variables('vaultName'))]"
                  }
                }
              },
              "parameters": {
                "vmName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                },
                "vmRgName": {
                "value": "[resourceGroup().name]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86"
}