AzPolicyAdvertizer

last sync: 2025-Jun-02 17:23:56 UTC

Configure Storage Account to have Container Soft Delete enabled

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Deploy policy c54a8309-0007-4287-87ae-1db2dfd5b14c (1.0.0) to Azure
Display name Configure Storage Account to have Container Soft Delete enabled
Id c54a8309-0007-4287-87ae-1db2dfd5b14c
Version 1.0.0
Details on versioning
Category Storage
Microsoft Learn
Description Container soft delete protects your data from being accidentally or erroneously modified or deleted. When container soft delete is enabled for a storage account, a container and its contents may be recovered after it has been deleted, within a retention period that you specify. For more details about container soft delete, see https://learn.microsoft.com/en-us/azure/storage/blobs/soft-delete-container-overview.
Mode All
Type Custom Community
Effect Default
Modify
Allowed
Modify, Deny, Audit, Disabled
RBAC role(s)
Role Name Role Id
Storage Account Contributor 17d1049b-9a84-46fb-8f53-869881c3d3ab
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled Microsoft.Storage storageAccounts/blobServices properties.containerDeleteRetentionPolicy.enabled True True
THEN-Operations (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.days Microsoft.Storage storageAccounts/blobServices properties.containerDeleteRetentionPolicy.days True True
Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled Microsoft.Storage storageAccounts/blobServices properties.containerDeleteRetentionPolicy.enabled True True
Rule resource types IF (1)
Microsoft.Storage/storageAccounts/blobServices
JSON
EPAC
Deploy policy c54a8309-0007-4287-87ae-1db2dfd5b14c (1.0.0) to Azure