last sync: 2020-Dec-02 15:37:49 UTC

Azure Policy definition

[Preview]: Certificates should be issued by the specified non-integrated certificate authority

Name [Preview]: Certificates should be issued by the specified non-integrated certificate authority
Id a22f4a40-01d3-4c7d-8071-da157eeff341
Version 2.0.0-preview
Category Key Vault
Description Manage your organizational compliance requirements by specifying the custom or internal certificate authorities that can issue certificates in your key vault.
Mode Microsoft.KeyVault.Data
Type BuiltIn
Preview True
Deprecated FALSE
Effect Default: audit
Allowed: (audit, deny, disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) Change type Change detail
2020-09-02 14:03:46 change Previous DisplayName: [Preview]: Manage certificates issued by a non-integrated CA
2019-11-19 11:26:09 change Previous DisplayName: [Preview]: Certificates should be issued by an approved custom Certificate Authority provider
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "[Preview]: Certificates should be issued by the specified non-integrated certificate authority",
    "policyType": "BuiltIn",
    "mode": "Microsoft.KeyVault.Data",
    "description": "Manage your organizational compliance requirements by specifying the custom or internal certificate authorities that can issue certificates in your key vault.",
    "metadata": {
      "version": "2.0.0-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "caCommonName": {
        "type": "String",
        "metadata": {
          "displayName": "[Preview]: The common name of the certificate authority",
          "description": "The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso"
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "[Preview]: Effect",
          "description": "'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy."
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault.Data/vaults/certificates"
          },
          {
            "field": "Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName",
            "notContains": "[parameters('caCommonName')]"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "a22f4a40-01d3-4c7d-8071-da157eeff341"
}