💼 9.3.9 Ensure Azure Resource Manager Delete Locks are Applied to Azure Storage Accounts (Manual)
- ID:
/frameworks/cis-azure-v6.0.0/09/03/09
Description
Azure Resource Manager CannotDelete (Delete) locks can prevent users from accidentally or maliciously deleting a storage account. With the lock in place, the storage account can still be modified or used, but deleting the storage account resource first requires removal of the lock by a user with appropriate permissions.
This feature is a protective control for the availability of data. By ensuring that a storage account or its parent resource group cannot be deleted without first removing the lock, the risk of data loss is reduced.
While an automated assessment procedure exists for this recommendation, the assessment status remains manual. Determining which storage accounts require CannotDelete locks depends on the context and requirements of each organization and environment.
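The check described above, as an added example that is not part of the benchmark or of this catalogue's policy logic: it marks a storage account as passing when a CanNotDelete lock sits on the account itself or on an enclosing scope such as its resource group. The lock records follow the `id`/`name`/`level` shape of `az lock list -o json` output (an assumption), and the subscription ID, resource groups and account names are constructed.

```python
import json

# Constructed sample in the shape of `az lock list -o json` output (assumed
# fields: id, name, level). Subscription ID and all names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
LOCKS_JSON = json.dumps([
    {"name": "rg-lock", "level": "CanNotDelete",
     "id": SUB + "/resourceGroups/rg-prod/providers/Microsoft.Authorization/locks/rg-lock"},
    {"name": "acct-lock", "level": "CanNotDelete",
     "id": SUB + "/resourceGroups/rg-dev/providers/Microsoft.Storage/storageAccounts/devlogs"
           "/providers/Microsoft.Authorization/locks/acct-lock"},
    {"name": "ro-lock", "level": "ReadOnly",
     "id": SUB + "/resourceGroups/rg-dev/providers/Microsoft.Storage/storageAccounts/devtmp"
           "/providers/Microsoft.Authorization/locks/ro-lock"},
])
ACCOUNTS = [  # constructed storage account resource IDs
    SUB + "/resourceGroups/rg-prod/providers/Microsoft.Storage/storageAccounts/prodData",
    SUB + "/resourceGroups/rg-dev/providers/Microsoft.Storage/storageAccounts/devlogs",
    SUB + "/resourceGroups/rg-dev/providers/Microsoft.Storage/storageAccounts/devtmp",
    SUB + "/resourceGroups/rg-dev/providers/Microsoft.Storage/storageAccounts/devlogs2",
]
LOCK_SUFFIX = "/providers/microsoft.authorization/locks/"

def lock_scope(lock_id):
    """Return the lowercased scope a lock is attached to (resource IDs are case-insensitive)."""
    lowered = lock_id.lower()
    return lowered[:lowered.rindex(LOCK_SUFFIX)]

def delete_lock_scopes(locks):
    """Scopes carrying a CanNotDelete lock; other lock levels are not counted here."""
    return {lock_scope(l["id"]) for l in locks if l.get("level", "").lower() == "cannotdelete"}

def covering_scope(account_id, scopes):
    """Return the locked scope that covers the account (itself or an ancestor), else None."""
    acct = account_id.lower()
    for scope in sorted(scopes, key=len, reverse=True):
        # Match on a path-segment boundary so 'devlogs' does not cover 'devlogs2'.
        if acct == scope or acct.startswith(scope + "/"):
            return scope
    return None

def audit(accounts, locks_json):
    """Map each account name to True when a CanNotDelete lock covers it."""
    scopes = delete_lock_scopes(json.loads(locks_json))
    return {a.rsplit("/", 1)[-1]: covering_scope(a, scopes) is not None for a in accounts}

if __name__ == "__main__":
    for name, locked in audit(ACCOUNTS, LOCKS_JSON).items():
        print(f"{name}: {'PASS' if locked else 'FAIL (no CanNotDelete lock)'}")
```

Accounts reported as failing still need the manual decision the recommendation describes: whether that account requires a lock in this environment.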
Similar
- Sections
/frameworks/cis-azure-v5.0.0/09/03/09
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS Azure v5.0.0 → 💼 9.3.9 Ensure Azure Resource Manager Delete locks are applied to Azure Storage Accounts (Manual) | 1 | no data |
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS Azure v5.0.0 → 💼 9.3.9 Ensure Azure Resource Manager Delete locks are applied to Azure Storage Accounts (Manual) | 1 | no data |
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ Azure Storage Account uses Delete lock🟢⚪ | 🟢 x2, ⚪ x1 | no data |