Policy: Azure > CIS v4.0 > 10 - Storage Services > 10.02 - Azure Blob Storage

This subsection covers security recommendations for Azure Blob Storage. These recommendations focus on enabling soft delete and versioning to protect blob data from accidental deletion and enable point-in-time recovery.

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v4.0 > 10 - Storage Services

10.02.01 - Ensure that soft delete for blobs on Azure Blob Storage storage accounts is Enabled
10.02.02 - Ensure 'Versioning' is set to 'Enabled' on Azure Blob Storage storage accounts

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v4.0 > 10 - Storage Services`
Valid Values [YAML]	`Per Azure > CIS v4.0 > 10 - Storage Services` `Skip` `Check: All CIS Benchmarks except attestations` `Check: All CIS Benchmarks`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/cis

Policy Type URI

tmod:@turbot/azure-cisv4-0#/policy/types/s1002

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv4-0#/policy/types/s1002") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/s1002'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/s1002'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv4-0#/policy/types/s1002"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv4-0#/policy/types/s1002"

Policy: Azure > CIS v4.0 > 10 - Storage Services > 10.02 - Azure Blob Storage

Primary Policy

Related Policies

Policy Specification

Category

In Your Workspace

Developers