turbot/steampipe-mod-azure-compliance

Control: Cross tenant replication should be disabled for storage accounts

Description

Disabling cross tenant replication helps prevent data from being replicated across multiple Azure tenants, reducing the risk of data leakage.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.storage_account_cross_tenant_replication_disabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.storage_account_cross_tenant_replication_disabled --share

SQL

This control uses a named query:

select
  sa.id as resource,
  case
    when allow_cross_tenant_replication then 'alarm'
    else 'ok'
  end as status,
  case
    when allow_cross_tenant_replication then sa.name || ' cross tenant replication is enabled.'
    else sa.name || ' cross tenant replication is disabled.'
  end as reason,
  sa.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_storage_account sa,
  azure_subscription sub
where
  sub.subscription_id = sa.subscription_id;
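
How the query's `case` expression classifies an account whose `allow_cross_tenant_replication` value is null, as an added example that is not part of the mod. The rows in `sample_accounts` are constructed, and `strict_status` is a hypothetical variant that assumes an unset value should be surfaced for review instead of passed.

```sql
-- Added example (not the mod's query). Runs on plain PostgreSQL with no
-- Steampipe connection: sample_accounts is constructed data standing in
-- for azure_storage_account.
with sample_accounts (name, allow_cross_tenant_replication) as (
  values
    ('stconstructed01', true),
    ('stconstructed02', false),
    ('stconstructed03', null::boolean)
)
select
  name,
  allow_cross_tenant_replication,
  -- Same expression as the control: a null condition is not true, so the
  -- row falls through to the else branch and is reported as 'ok'.
  case
    when allow_cross_tenant_replication then 'alarm'
    else 'ok'
  end as control_status,
  -- Hypothetical stricter variant (assumption): only an explicit false
  -- passes, and an unset value is reported as 'info' for review.
  case
    when allow_cross_tenant_replication is null then 'info'
    when allow_cross_tenant_replication then 'alarm'
    else 'ok'
  end as strict_status
from
  sample_accounts
order by
  name;
```

The two status columns differ only on the row with the null value, which is the case to check when an `ok` result is taken as evidence that replication was explicitly disabled.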

Tags