AzPolicyAdvertizer

last sync: 2025-Oct-31 18:22:59 UTC

Storage SAS tokens should adhere to 7 day maximum validity

Azure BuiltIn Policy definition

Source Azure Portal
Display name Storage SAS tokens should adhere to 7 day maximum validity
Id 7aa1c9d5-3d7e-4579-8117-d85e99211757
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Storage
Microsoft Learn
Description This policy ensures that Shared Access Signature (SAS) tokens for storage accounts are configured with a maximum validity period of 7 days or less. It denies or audits storage accounts that allow longer SAS token lifetimes or don't have appropriate expiration actions configured.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Deny
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/sasPolicy Microsoft.Storage storageAccounts properties.sasPolicy True True
Microsoft.Storage/storageAccounts/sasPolicy.expirationAction Microsoft.Storage storageAccounts properties.sasPolicy.expirationAction True False
Microsoft.Storage/storageAccounts/sasPolicy.sasExpirationPeriod Microsoft.Storage storageAccounts properties.sasPolicy.sasExpirationPeriod True False
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2025-08-04 17:26:22 add 7aa1c9d5-3d7e-4579-8117-d85e99211757
JSON compare n/a
JSON
api-version=2021-06-01
EPAC