Plugin Title | Key Vault Recovery Enabled |
Cloud | AZURE |
Category | Key Vaults |
Description | Ensures that Purge Protection and Soft Delete are enabled on all Key Vaults |
More Info | Purge Protection and Soft Delete are features that safeguard against losing key access. With these settings enabled, key vaults have recovery actions available to restore deleted or compromised key vaults. |
AZURE Link | https://docs.microsoft.com/en-us/azure/key-vault/key-vault-ovw-soft-delete |
Recommended Action | Once Key Vaults are created, the Azure CLI must be used to update the vault Soft Delete and Purge Protection settings. |
1. Log into the Microsoft Azure Management Console.
2. In the search bar at the top, search for "Vaults" and select "Key Vaults" from the search results.
3. On the Key Vaults page, select a key vault by clicking its "Name" link to access its configuration.
4. Scroll down and click "Properties" in the navigation pane on the left.
5. If under "Soft delete" the "Disable purge protection" radio button is selected, then vaults and objects can be deleted with no recovery possible. This is against best practices.
6. Select the "Enable purge protection" radio button to allow only soft deletes so that vaults and objects can be recovered if needed.
7. Finally, click "Save" at the top of the pane to complete the changes.
8. Repeat steps 3 - 7 for all other key vaults.
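
The same check can be run across many vaults at once instead of clicking through each one. The following is an added example, not the plugin's own code: it evaluates vault objects shaped like `az keyvault show` output and reports which recovery setting each vault is missing. The vault names, resource groups and function names are constructed for illustration, and treating a null or missing value as a failure is an assumption.

```javascript
// Added example: audit Key Vault recovery settings from vault objects shaped
// like `az keyvault show` output (name, resourceGroup, properties).

// Constructed sample data; vault names and resource groups are made up.
const SAMPLE_VAULTS = [
  { name: 'kv-prod-01', resourceGroup: 'rg-prod',
    properties: { enableSoftDelete: true, enablePurgeProtection: true } },
  { name: 'kv-dev-01', resourceGroup: 'rg-dev',
    properties: { enableSoftDelete: true, enablePurgeProtection: null } },
  { name: 'kv-legacy', resourceGroup: 'rg-old',
    properties: { enableSoftDelete: false } },
  { name: 'kv-unknown', resourceGroup: 'rg-old' } // properties not returned
];

// Assumption: only an explicit boolean true counts as enabled. A null or
// missing value is reported as a failure so that someone reviews the vault.
function checkVaultRecovery(vault) {
  const props = (vault && vault.properties) || {};
  const missing = [];
  if (props.enableSoftDelete !== true) missing.push('Soft Delete');
  if (props.enablePurgeProtection !== true) missing.push('Purge Protection');
  return {
    vault: vault && vault.name ? vault.name : '(unnamed)',
    resourceGroup: vault && vault.resourceGroup ? vault.resourceGroup : null,
    status: missing.length === 0 ? 'PASS' : 'FAIL',
    missing
  };
}

// Evaluate every vault and summarise which ones still need remediation.
function auditVaults(vaults) {
  const results = (vaults || []).map(checkVaultRecovery);
  const failing = results.filter(r => r.status === 'FAIL');
  return { total: results.length, failing, compliant: failing.length === 0 };
}

// Print one line per failing vault, then a summary.
const sampleReport = auditVaults(SAMPLE_VAULTS);
for (const f of sampleReport.failing) {
  console.log(`FAIL ${f.vault} (${f.resourceGroup}): missing ${f.missing.join(', ')}`);
}
console.log(`${sampleReport.failing.length} of ${sampleReport.total} vaults need attention`);
```
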