
Remediation

Note: Once enabled, purge protection cannot be disabled.

From Azure Portal

  1. Go to Key Vaults.
  2. Click the name of a key vault.
  3. Under Settings, click Properties.
  4. Select the radio button next to Enable purge protection (enforce a mandatory retention period for deleted vaults and vault objects).
  5. Click Save.
  6. Repeat steps 1-5 for each key vault requiring remediation.

From Azure CLI

For each key vault requiring remediation, run the following command to enable purge protection:

az resource update \
--resource-group {{resource-group-name}} \
--name {{key-vault-name}} \
--resource-type "Microsoft.KeyVault/vaults" \
--set properties.enablePurgeProtection=true
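
To cover every vault rather than one at a time, the command above can be wrapped in a loop. The following is an added example, not part of the original page: it finds vaults in the current subscription where purge protection is not enabled and, because the setting cannot be disabled afterwards, only reports them unless asked to apply the change. The function names and the --apply switch are assumptions of this example.

```shell
# Added example (not from the original page). Function names and the
# --apply switch are assumptions of this example.
TAB=$(printf '\t')

# Print "<resource-group><TAB><vault-name>" for every key vault in the
# current subscription whose enablePurgeProtection is not "true".
find_unprotected_vaults() {
  az keyvault list --query "[].[resourceGroup, name]" --output tsv |
  while IFS="$TAB" read -r rg name; do
    # An unset value may come back empty or as "None"; only "true" passes.
    state=$(az keyvault show --resource-group "$rg" --name "$name" \
      --query "properties.enablePurgeProtection" --output tsv </dev/null)
    [ "$state" = "true" ] || printf '%s\t%s\n' "$rg" "$name"
  done
}

# Dry run by default, because the setting cannot be reverted.
# Pass --apply to run the page's "az resource update" command per vault.
remediate_vaults() {
  mode=${1:-dry-run}
  find_unprotected_vaults |
  while IFS="$TAB" read -r rg name; do
    if [ "$mode" = "--apply" ]; then
      az resource update \
        --resource-group "$rg" \
        --name "$name" \
        --resource-type "Microsoft.KeyVault/vaults" \
        --set properties.enablePurgeProtection=true \
        --output none </dev/null &&
        echo "enabled $rg/$name"
    else
      echo "would enable $rg/$name"
    fi
  done
}

# Usage, after sourcing this file and running "az login":
#   remediate_vaults            # list what would change
#   remediate_vaults --apply    # enable purge protection
```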

From PowerShell

For each key vault requiring remediation, run the following command to enable purge protection:

Update-AzKeyVault `
-ResourceGroupName {{resource-group-name}} `
-VaultName {{key-vault-name}} `
-EnablePurgeProtection