last sync: 2020-Jul-02 13:28:37 UTC

Azure Policy

[Preview]: Manage certificate validity period

Policy DisplayName: [Preview]: Manage certificate validity period
Policy Id: 0a075868-4c26-42ef-914c-5bc007359560
Policy Category: Key Vault
Policy Description: This policy manages the maximum validity period for certificates in months.
Policy Mode: Microsoft.KeyVault.Data
Policy Type: BuiltIn
Policy in Preview: True
Policy Deprecated: FALSE
Policy Effect: Default: audit; Allowed: (audit,deny,disabled)
Roles used: none
Policy Changes
Date/Time (UTC ymd) | Change | Change detail
2019-11-19 11:26:09 | change: DisplayName | previous DisplayName: [Preview]: Certificates should not have a lengthy validity period
Used in Policy Initiative(s)
Initiative DisplayName | Initiative Id
Enable Monitoring in Azure Security Center | 1f3afdf9-d0c9-4c3d-847f-89da613e70a8
Policy Rule
{
  "properties": {
    "displayName": "[Preview]: Manage certificate validity period",
    "policyType": "BuiltIn",
    "mode": "Microsoft.KeyVault.Data",
    "description": "This policy manages the maximum validity period for certificates in months.",
    "metadata": {
      "version": "1.0.1-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "maximumValidityInMonths": {
        "type": "Integer",
        "metadata": {
          "displayName": "[Preview]: The maximum validity in months",
          "description": "The limit to how long a certificate may be valid for. Certificates with lengthy validity periods aren't best practice."
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "[Preview]: Effect",
          "description": "'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy."
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "audit"
      }
    },
    "policyRule": {
      "if": {
        "field": "Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths",
        "greater": "[parameters('maximumValidityInMonths')]"
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "0a075868-4c26-42ef-914c-5bc007359560"
}