last sync: 2020-Dec-02 15:37:49 UTC

Azure Policy definition

App Configuration should use a customer-managed key

Name App Configuration should use a customer-managed key
Azure Portal
Id 967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1
Version 1.1.0
details on versioning
Category App Configuration
Microsoft docs
Description Customer-managed keys provide enhanced data protection by allowing you to manage your encryption keys. This is often required to meet compliance requirements.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-11-10 16:00:42 change Minor (1.0.1 > 1.1.0)
2020-08-05 13:05:29 change Previous DisplayName: App Configuration should use a customer managed key
2020-02-12 02:52:44 add 967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1
Used in Initiatives none
JSON Changes

Json
{
  "properties": {
    "displayName": "App Configuration should use a customer-managed key",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Customer-managed keys provide enhanced data protection by allowing you to manage your encryption keys. This is often required to meet compliance requirements.",
    "metadata": {
      "version": "1.1.0",
      "category": "App Configuration"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.AppConfiguration/configurationStores"
          },
          {
            "field": "Microsoft.AppConfiguration/configurationStores/encryption.keyVaultProperties.keyIdentifier",
            "exists": "false"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1"
}