AzPolicyAdvertizer

last sync: 2021-Sep-16 15:24:50 UTC

Azure Policy definition

Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy

Name Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy
Azure Portal
Id 98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86
Version 3.0.0
details on versioning
Category Backup
Microsoft docs
Description Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: deployIfNotExists
Allowed: (deployIfNotExists, auditIfNotExists, disabled)
Used RBAC Role
Role Name Role Id
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Backup Contributor 5e467623-bb1f-42f4-a55d-6e525e11384b
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-06-15 14:05:41 change Version remains equal, old suffix: preview (3.0.0-preview > 3.0.0)
2021-04-27 15:38:15 change Major, suffix remains equal (2.0.0-preview > 3.0.0-preview)
2021-04-07 13:27:17 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2020-11-10 16:00:42 add 98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86
Used in Initiatives none
JSON Changes

JSON 
{
  "displayName": "Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag.",
  "metadata": {
    "version": "3.0.0",
    "category": "Backup"
  },
  "parameters": {
    "exclusionTagName": {
      "type": "String",
      "metadata": {
        "displayName": "Exclusion Tag Name",
        "description": "Name of the tag to use for excluding VMs from the scope of this policy. This should be used along with the Exclusion Tag Value parameter. Learn more at https://aka.ms/AppCentricVMBackupPolicy."
      },
      "defaultValue": ""
    },
    "exclusionTagValue": {
      "type": "Array",
      "metadata": {
        "displayName": "Exclusion Tag Values",
        "description": "Value of the tag to use for excluding VMs from the scope of this policy (in case of multiple values, use a comma-separated list). This should be used along with the Exclusion Tag Name parameter. Learn more at https://aka.ms/AppCentricVMBackupPolicy."
      },
      "defaultValue": []
    },
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "deployIfNotExists",
        "auditIfNotExists",
        "disabled"
      ],
      "defaultValue": "deployIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        {
          "not": {
            "field": "[concat('tags[', parameters('exclusionTagName'), ']')]",
            "in": "[parameters('exclusionTagValue')]"
          }
        },
        {
          "field": "id",
          "notContains": "/resourceGroups/databricks-rg-"
        },
        {
          "anyOf": [
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftWindowsServer"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "WindowsServer"
                },
                {
                  "field": "Microsoft.Compute/imageSKU",
                  "in": [
                    "2008-R2-SP1",
                    "2008-R2-SP1-smalldisk",
                    "2012-Datacenter",
                    "2012-Datacenter-smalldisk",
                    "2012-R2-Datacenter",
                    "2012-R2-Datacenter-smalldisk",
                    "2016-Datacenter",
                    "2016-Datacenter-Server-Core",
                    "2016-Datacenter-Server-Core-smalldisk",
                    "2016-Datacenter-smalldisk",
                    "2016-Datacenter-with-Containers",
                    "2016-Datacenter-with-RDSH",
                    "2019-Datacenter",
                    "2019-Datacenter-Core",
                    "2019-Datacenter-Core-smalldisk",
                    "2019-Datacenter-Core-with-Containers",
                    "2019-Datacenter-Core-with-Containers-smalldisk",
                    "2019-Datacenter-smalldisk",
                    "2019-Datacenter-with-Containers",
                    "2019-Datacenter-with-Containers-smalldisk",
                    "2019-Datacenter-zhcn"
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftWindowsServer"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "WindowsServerSemiAnnual"
                },
                {
                  "field": "Microsoft.Compute/imageSKU",
                  "in": [
                    "Datacenter-Core-1709-smalldisk",
                    "Datacenter-Core-1709-with-Containers-smalldisk",
                    "Datacenter-Core-1803-with-Containers-smalldisk"
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftWindowsServerHPCPack"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "WindowsServerHPCPack"
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftSQLServer"
                },
                {
                  "anyOf": [
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "*-WS2019"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "*-WS2016"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "*-WS2016-BYOL"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "*-WS2012R2"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "*-WS2012R2-BYOL"
                    }
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftRServer"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "MLServer-WS2016"
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftVisualStudio"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "in": [
                    "VisualStudio",
                    "Windows"
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftDynamicsAX"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "Dynamics"
                },
                {
                  "field": "Microsoft.Compute/imageSKU",
                  "equals": "Pre-Req-AX7-Onebox-U8"
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "microsoft-ads"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "windows-data-science-vm"
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftWindowsDesktop"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "Windows-10"
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "RedHat"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "in": [
                    "RHEL",
                    "RHEL-SAP-HANA"
                  ]
                },
                {
                  "anyOf": [
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "6.*"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "7*"
                    }
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "SUSE"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "in": [
                    "SLES",
                    "SLES-HPC",
                    "SLES-HPC-Priority",
                    "SLES-SAP",
                    "SLES-SAP-BYOS",
                    "SLES-Priority",
                    "SLES-BYOS",
                    "SLES-SAPCAL",
                    "SLES-Standard"
                  ]
                },
                {
                  "anyOf": [
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "12*"
                    }
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "Canonical"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "contains": "ubuntu"
                },
                {
                  "anyOf": [
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "14.04*LTS"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "16.04*LTS"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "18.04*LTS"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "*20_04-lts"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "20_04-lts*"
                    }
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "Oracle"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "Oracle-Linux"
                },
                {
                  "anyOf": [
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "6.*"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "7.*"
                    }
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "OpenLogic"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "in": [
                    "CentOS",
                    "Centos-LVM",
                    "CentOS-SRIOV"
                  ]
                },
                {
                  "anyOf": [
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "6.*"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "like": "7*"
                    }
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "cloudera"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "cloudera-centos-os"
                },
                {
                  "field": "Microsoft.Compute/imageSKU",
                  "like": "7*"
                }
              ]
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.RecoveryServices/backupprotecteditems",
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
          "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"
        ],
        "deployment": {
          "properties": {
            "mode": "incremental",
            "template": {
              "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "vmName": {
                  "type": "string",
                  "metadata": {
                    "description": "Name of Azure Virtual Machines"
                  }
                },
                "vmRgName": {
                  "type": "string",
                  "metadata": {
                    "description": "Resource group containing the virtual machines."
                  }
                },
                "location": {
                  "type": "string",
                  "metadata": {
                    "description": "Location for VM and Backup vault"
                  }
                }
              },
              "variables": {
                "backupFabric": "Azure",
                "backupPolicy": "DefaultPolicy",
                "v2VmType": "Microsoft.Compute/virtualMachines",
                "v2VmContainer": "iaasvmcontainer;iaasvmcontainerv2;",
                "v2Vm": "vm;iaasvmcontainerv2;",
                "vaultName": "[take(concat('RSVault-', parameters('location'), '-', guid(resourceGroup().id)),50)]"
              },
              "resources": [
                {
                  "name": "[variables('vaultName')]",
                  "type": "Microsoft.RecoveryServices/vaults",
                  "apiVersion": "2016-06-01",
                  "location": "[parameters('location')]",
                  "properties": {},
                  "sku": {
                    "name": "Standard"
                  }
                },
                {
                  "name": "[concat(variables('vaultName'), '/', variables('backupFabric'), '/', variables('v2VmContainer'), concat(parameters('vmRgName'),';',parameters('vmName')), '/', variables('v2Vm'), concat(parameters('vmRgName'),';',parameters('vmName')))]",
                  "apiVersion": "2016-12-01",
                  "location": "[parameters('location')]",
                  "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems",
                  "dependsOn": [
                    "[resourceId('Microsoft.RecoveryServices/vaults/', variables('vaultName'))]"
                  ],
                  "properties": {
                    "protectedItemType": "[variables('v2VmType')]",
                    "policyId": "[resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', variables('vaultName'),variables('backupPolicy'))]",
                    "sourceResourceId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('vmRgName'), '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
                  }
                }
              ],
              "outputs": {
                "status": {
                  "type": "string",
                  "value": "[concat('Backup enabled successfully for VM:', ' ', parameters('vmName'), 'Backup Vault: ', variables('vaultName'))]"
                }
              }
            },
            "parameters": {
              "vmName": {
                "value": "[field('name')]"
              },
              "location": {
                "value": "[field('location')]"
              },
              "vmRgName": {
                "value": "[resourceGroup().name]"
              }
            }
          }
        }
      }
    }
  }
}