Skip to content

Purge Protect App Configuration Stores#

Reliability · App Configuration · 2022_12

Consider purge protection for app configuration store to ensure store cannot be purged in the retention period.

Description#

With purge protection enabled, soft deleted stores can't be purged in the retention period. If disabled, the soft deleted store can be purged before the retention period expires. Once purge protection is enabled on a store, it can't be disabled.

Purge protection currently requires a standard SKU.

Recommendation#

Consider enabling purge protection for app configuration store.

Examples#

Configure with Azure template#

To deploy App Configuration Stores that pass this rule:

  • Set properties.enablePurgeProtection to true.

For example:

Azure Template snippet
{
  "type": "Microsoft.AppConfiguration/configurationStores",
  "apiVersion": "2022-05-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "sku": {
    "name": "standard"
  },
  "properties": {
    "disableLocalAuth": true,
    "enablePurgeProtection": true
  }
}

Configure with Bicep#

To deploy App Configuration Stores that pass this rule:

  • Set properties.enablePurgeProtection to true.

For example:

Azure Bicep snippet
resource store 'Microsoft.AppConfiguration/configurationStores@2022-05-01' = {
  name: name
  location: location
  sku: {
    name: 'standard'
  }
  properties: {
    disableLocalAuth: true
    enablePurgeProtection: true
  }
}

Last update: 2022-10-06

Comments