last sync: 2020-Sep-17 14:31:34 UTC



Azure Policy

[Preview]: Certificates should use allowed key types

Policy DisplayName: [Preview]: Certificates should use allowed key types
Policy Id: 1151cede-290b-4ba0-8b38-0ad145ac888f
Policy Category: Key Vault
Policy Description: Manage your organizational compliance requirements by restricting the key types allowed for certificates.
Policy Mode: Microsoft.KeyVault.Data
Policy Type: BuiltIn
Policy in Preview: True
Policy Deprecated: FALSE
Policy Effect: Default: audit; Allowed: (audit,deny,disabled)
Roles used: none
Policy Changes:
Date/Time (UTC ymd) | Change | Change detail
2020-09-02 14:03:46 | change: DisplayName | previous DisplayName: [Preview]: Manage allowed certificate key types
2019-11-19 11:26:09 | change: DisplayName | previous DisplayName: [Preview]: Certificates should have the specified key types
Used in Policy Initiative(s): none
Policy Rule
{
  "properties": {
    "displayName": "[Preview]: Certificates should use allowed key types",
    "policyType": "BuiltIn",
    "mode": "Microsoft.KeyVault.Data",
    "description": "Manage your organizational compliance requirements by restricting the key types allowed for certificates.",
    "metadata": {
      "version": "2.0.0-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "allowedKeyTypes": {
        "type": "Array",
        "metadata": {
          "displayName": "[Preview]: Allowed key types",
          "description": "The list of allowed certificate key types."
        },
        "allowedValues": [
          "RSA",
          "RSA-HSM",
          "EC",
          "EC-HSM"
        ],
        "defaultValue": [
          "RSA",
          "RSA-HSM"
        ]
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "[Preview]: Effect",
          "description": "'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy."
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault.Data/vaults/certificates"
          },
          {
            "field": "Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType",
            "notIn": "[parameters('allowedKeyTypes')]"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "1151cede-290b-4ba0-8b38-0ad145ac888f"
}