Purge Protect App Configuration Stores

Reliability · App Configuration · 2022_12

Consider purge protection for app configuration store to ensure store cannot be purged in the retention period.

Description

With purge protection enabled, soft deleted stores can't be purged in the retention period. If disabled, the soft deleted store can be purged before the retention period expires. Once purge protection is enabled on a store, it can't be disabled.

Purge protection currently requires a standard SKU.

Recommendation

Consider enabling purge protection for app configuration store.

Examples

Configure with Azure template

To deploy App Configuration Stores that pass this rule:

• Set properties.enablePurgeProtection to true.

For example:

Azure Template snippet

{
  "type": "Microsoft.AppConfiguration/configurationStores",
  "apiVersion": "2022-05-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "sku": {
    "name": "standard"
  },
  "properties": {
    "disableLocalAuth": true,
    "enablePurgeProtection": true
  }
}

Configure with Bicep

To deploy App Configuration Stores that pass this rule:

• Set properties.enablePurgeProtection to true.

For example:

Azure Bicep snippet

resource store 'Microsoft.AppConfiguration/configurationStores@2022-05-01' = {
  name: name
  location: location
  sku: {
    name: 'standard'
  }
  properties: {
    disableLocalAuth: true
    enablePurgeProtection: true
  }
}

Links

• Data management for reliability
• Purge protection
• Azure deployment reference

---

Last update: 2022-10-06

Comments