Prevent accidental deletions at scale using Azure Policy

Azure Policy is happy to introduce a new preview effect: DenyAction! Unlike other effects that focus on resource configurations, the denyAction effect will block requests based on intended action, regardless of user permissions. Today this new effect supports deletions, but it's set up to handle other types of actions in the future. With the at-scale power of Azure Policy and the ability to block delete calls, denyAction allows you to prevent accidental deletions of your critical resources.

Sample denyAction definition that blocks delete calls on any virtual machines:

You are able to create these definitions in Portal or API. All denyAction definitions will have a compliance state of 'Not Started' during preview, and will introduce a new compliance state of 'Protected' for GA. Check out the documentation to learn more about how this effect works, and keep an eye out for the GA of this effect in the coming months!

Learn more

Prevent accidental deletions at scale using Azure Policy

Azure Governance and Management Blog articles

Share post:

Related

Azure Lab Services (Lab Account) - Planned Outage - May 24th, 2024

Intelligent FinOps in Azure

IBM Maximo Application Suite migration and modernization with Azure Red Hat OpenShift

Streamlining Microsoft Azure Identity and Security for Growth

Azure SDK Release (April 2024)

Sneak peek at new Azure edge infrastructure

Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!