As of June 18, 2021 a series of tasks are run on Saturday at 0200 UTC time.
The group of tasks run can be found in autocleanup.py in this directory.
The tasks are all configured through the configuration.json also found in this directory. Details of setting can be found in each of the task_* scripts and also described in the Readme.md master document.
To ensure that all tasks will run in unattended mode AND perform actual work, modifiy configuration.json :
"automation" : true
"subscriptions" contains a list of subscriptions.
credentials.json has a valid Service Principal identified with access to the list of subscriptions above.
| Order | Script | Description |
|---|---|---|
| 1 | task_rg_compliance.py | Delete resource groups that do not follow the compliance rules as defined by the team: - Is not a managed group - Is not a default Azure Resource Group - Is not tagged with required tags. |
| 2 | task_identity.py | 1. Remove all User level role assignments on the set of subscriptions at the subscription level to enforce AAD group access. 2. Clear Service Principals that have an assignment in the subscription but are not found in AAD. |
| 3 | task_compute.py | Deallocate (shut down) personal virtual machines which are VM's not contained in a managed resource group. |
| 4 | task_storage.py | For all Azure Storage accounts found in the subscripiton FORCE the following: - Disable public blob access - Enforce HTTPS only access - Enforce logging |
| 5 | task_keyvaults.py | For all Azure Key Vaults found in the subscription verify that it has Soft Delete enabled. If not enable it. |