AzPolicyAdvertizer

last sync: 2025-Jun-26 17:24:03 UTC

Audit - Azure Files should have Soft Delete enabled

Community Policy definition

Source

Repository Community-Policy GitHub
JSON Community-Policy GitHub

Deploy policy b959c857-3c53-5ceb-9ae3-f6f39166d099 (1.0.0-preview) to Azure

Display name

Audit - Azure Files should have Soft Delete enabled

b959c857-3c53-5ceb-9ae3-f6f39166d099

Version

1.0.0-preview
Details on versioning

Category

Storage
Microsoft Learn

Description

Protect your File Shares from accidental or malicious deletions by enabling Soft Delete: https://docs.microsoft.com/azure/storage/files/storage-files-prevent-file-share-deletion

Mode

Indexed

Type

Custom Community

Effect

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

RBAC role(s)

none

Rule aliases

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Storage/storageAccounts/fileServices/default.shareDeleteRetentionPolicy.days	Microsoft.Storage	storageAccounts/fileServices	properties.shareDeleteRetentionPolicy.days	True		True
Microsoft.Storage/storageAccounts/fileServices/default.shareDeleteRetentionPolicy.enabled	Microsoft.Storage	storageAccounts/fileServices	properties.shareDeleteRetentionPolicy.enabled	True		True

Rule resource types

IF (1)
Microsoft.Storage/storageAccounts

JSON

EPAC