last sync: 2020-Sep-17 14:31:34 UTC



Azure Policy

[Preview]: Certificates should be issued by the specified integrated certificate authority

Policy DisplayName [Preview]: Certificates should be issued by the specified integrated certificate authority
Policy Id 8e826246-c976-48f6-b03e-619bb92b3d82
Policy Category Key Vault
Policy Description Manage your organizational compliance requirements by specifying the Azure integrated certificate authorities that can issue certificates in your key vault such as Digicert or GlobalSign.
Policy Mode Microsoft.KeyVault.Data
Policy Type BuiltIn
Policy in Preview True
Policy Deprecated FALSE
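Policy Effect Default: audit (with the default, a certificate from a non-listed issuer is still created and only flagged as non-compliant; the deny effect is what blocks creation)
Allowed: (audit,deny,disabled)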
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-09-02 14:03:46 change: DisplayName previous DisplayName: [Preview]: Manage certificates issued by an integrated CA
2019-11-19 11:26:09 change: DisplayName previous DisplayName: [Preview]: Certificates should be issued by an approved Azure Key Vault supported Certificate Authority provider
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
  "displayName": "[Preview]: Certificates should be issued by the specified integrated certificate authority",
    "policyType": "BuiltIn",
    "mode": "Microsoft.KeyVault.Data",
    "description": "Manage your organizational compliance requirements by specifying the Azure integrated certificate authorities that can issue certificates in your key vault such as Digicert or GlobalSign.",
    "metadata": {
      "version": "2.0.0-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "allowedCAs": {
        "type": "Array",
        "metadata": {
        "displayName": "[Preview]: Allowed Azure Key Vault Supported CAs",
          "description": "The list of allowed certificate authorities supported by Azure Key Vault."
        },
        "allowedValues": [
          "DigiCert",
          "GlobalSign"
        ],
        "defaultValue": [
          "DigiCert",
          "GlobalSign"
        ]
      },
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect",
          "description": "'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy."
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault.Data/vaults/certificates"
          },
          {
            "field": "Microsoft.KeyVault.Data/vaults/certificates/issuer.name",
          "notIn": "[parameters('allowedCAs')]"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "8e826246-c976-48f6-b03e-619bb92b3d82"
}