🛡️ Azure Managed Disk Snapshot is 90 days old or more🟢

  • Contextual name: 🛡️ Managed Disk Snapshot is 90 days old or more🟢
  • ID: /ce/ca/azure/virtual-machine/managed-disk-snapshot-90-days-old
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: COST

Description

Identify Azure Managed Disk Snapshots that are 90 days old or older to optimize storage utilization and uphold data lifecycle management practices by flagging snapshots for potential deletion or archival.

Rationale

Snapshots that exceed 90 days in age may contribute to unnecessary storage costs. Regular review and lifecycle management of such resources support cost efficiency and improve data hygiene. Archiving or deleting outdated snapshots helps ensure a well-governed and optimized cloud infrastructure.

Impact

You should assess the business and compliance requirements for retaining snapshots beyond 90 days. Some regulatory or operational policies may necessitate extended retention. Actions taken (i.e., deletion or archival) must align with internal data retention and governance policies.

Audit

This policy marks an Azure Snapshot as INCOMPLIANT if the value in its Time Created field indicates a creation date 90 days or more in the past, relative to the current date.
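
The audit rule above, sketched as an added Python example (not Cloudaware's own policy logic): it evaluates constructed records shaped like `az snapshot list -o json` output and treats a snapshot that is exactly 90 days old as INCOMPLIANT. It assumes the JSON `timeCreated` property corresponds to the Time Created field; the COMPLIANT and UNDETERMINED labels and the function names are chosen for this example.

```python
import json
import re
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # threshold stated in the Audit section

# Constructed sample shaped like `az snapshot list -o json` output (only the fields used here).
SAMPLE = json.loads("""
[
  {"name": "snap-old",      "resourceGroup": "rg-demo", "timeCreated": "2024-01-01T08:00:00.1234567+00:00"},
  {"name": "snap-boundary", "resourceGroup": "rg-demo", "timeCreated": "2024-03-03T12:00:00+00:00"},
  {"name": "snap-recent",   "resourceGroup": "rg-demo", "timeCreated": "2024-05-20T23:59:59Z"},
  {"name": "snap-no-date",  "resourceGroup": "rg-demo"}
]
""")


def parse_time_created(value):
    """Parse an Azure timestamp; tolerate a 'Z' suffix and 7-digit fractional seconds."""
    value = value.strip().replace("Z", "+00:00")
    # Older Python versions reject more than 6 fractional digits, so truncate them.
    value = re.sub(r"(\.\d{6})\d+", r"\1", value)
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:  # assumption: a timestamp without an offset is UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def audit_snapshots(snapshots, now=None):
    """Return {name: status}; an age of 90 days or more is INCOMPLIANT."""
    now = now or datetime.now(timezone.utc)
    result = {}
    for snap in snapshots:
        raw = snap.get("timeCreated")
        if not raw:
            # Label chosen for this example: no creation time, so no verdict.
            result[snap["name"]] = "UNDETERMINED"
            continue
        age = now - parse_time_created(raw)
        result[snap["name"]] = "INCOMPLIANT" if age >= MAX_AGE else "COMPLIANT"
    return result


if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)  # fixed for repeatable output
    for name, status in audit_snapshots(SAMPLE, fixed_now).items():
        print(f"{name}: {status}")
```

Passing a fixed `now` keeps the boundary case reproducible; omit it to audit against the current UTC time.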

Remediation

Deleting Snapshots

If a snapshot is no longer required for operational, compliance, or recovery purposes, it should be permanently deleted to eliminate unnecessary storage charges.

Azure CLI

Use the az snapshot delete command to remove the snapshot:

az snapshot delete \
  --resource-group {{resource-group-name}} \
  --name {{snapshot-name}} \
  --yes

PowerShell

Use the Remove-AzSnapshot cmdlet:

Remove-AzSnapshot `
  -ResourceGroupName "{{resource-group-name}}" `
  -SnapshotName "{{snapshot-name}}" `
  -Force

Archiving Snapshots

Snapshots that must be retained for compliance or archival purposes can be exported as VHDs and stored in a lower-cost blob storage tier.

Export Snapshot to Page Blob (VHD)

Generate a short-lived SAS for the snapshot and copy it to a designated storage account container as a Page Blob:

Azure CLI

subscriptionId={{subscription-id}}
resourceGroupName={{resource-group-name}}
snapshotName={{snapshot-name}}
sasExpiryDuration=3600
storageAccountName={{storage-account-name}}

... [see more](remediation.md)

Linked Framework Sections

Section   Sub Sections   Internal Rules   Policies   Flags   Compliance
💼 Cloudaware Framework → 💼 Waste Reduction   25   no data