Remediation
To enable Do Not Purge and Soft Delete for a Key Vault:

From Azure Portal
- Go to Key Vaults.
- For each Key Vault:
- Click Properties.
- Ensure the status of Purge protection reads Enable purge protection (enforce a mandatory retention period for deleted vaults and vault objects).
Note: once enabled you cannot disable it.

From Azure CLI
az resource update --id /subscriptions/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/<resourceGroupName>/providers/Microsoft.KeyVault/vaults/<keyVaultName> --set properties.enablePurgeProtection=true

From PowerShell
Update-AzKeyVault -VaultName <vaultName> -ResourceGroupName <resourceGroupName> -EnablePurgeProtection
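
To confirm which vaults still need the remediation above, the following added example (not part of the original page) lists every Key Vault where soft delete or purge protection is not enabled. The function names and the sample vault names are assumptions made for illustration; the sample rows are constructed so the check can be run offline.

```shell
#!/bin/sh
# Added example (not from the original page): list Key Vaults that still lack
# soft delete or purge protection.

TAB=$(printf '\t')

# Lower-case a value so "True" and "true" compare equal.
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Read rows "name<TAB>enableSoftDelete<TAB>enablePurgeProtection" on stdin and
# print "name<TAB>missing-settings" for every vault where either is not true.
# Any value other than true, including an unset property, counts as not enabled.
flag_noncompliant() {
  while IFS="$TAB" read -r name soft purge; do
    [ -n "$name" ] || continue
    missing=""
    [ "$(lc "$soft")" = "true" ] || missing="soft-delete"
    [ "$(lc "$purge")" = "true" ] || missing="${missing:+$missing,}purge-protection"
    [ -z "$missing" ] || printf '%s\t%s\n' "$name" "$missing"
  done
}

# Live audit: needs an authenticated Azure CLI session (az login).
audit_keyvaults() {
  az keyvault list --query "[].name" -o tsv | while read -r vault; do
    az keyvault show --name "$vault" -o tsv \
      --query "{n:name, s:properties.enableSoftDelete, p:properties.enablePurgeProtection}"
  done | flag_noncompliant
}

# Constructed sample rows (hypothetical vault names) for an offline run.
sample_rows() {
  printf '%s\t%s\t%s\n' \
    kv-prod-01 True True \
    kv-dev-02 True None \
    kv-legacy-03 None None \
    kv-test-04 true false
}

case "${1:-}" in
  --live) audit_keyvaults ;;
  *)      sample_rows | flag_noncompliant ;;
esac
```

Run the script with `--live` to audit the current subscription; an empty result means every vault has both settings enabled.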