last sync: 2020-Jul-02 13:28:37 UTC

Azure Policy

[Preview]: Manage allowed curve names for elliptic curve cryptography certificates

Policy DisplayName [Preview]: Manage allowed curve names for elliptic curve cryptography certificates
Policy Id bd78111f-4953-4367-9fd5-7e08808b54bf
Policy Category Key Vault
Policy Description This policy manages the allowed elliptic curve names for elliptic curve cryptography certificates.
Policy Mode Microsoft.KeyVault.Data
Policy Type BuiltIn
Policy in Preview True
Policy Deprecated FALSE
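Policy Effect Default: audit (non-compliant certificates are flagged but still created; only 'deny' blocks them)
Allowed: (audit,deny,disabled)
Note: the default allowedECNames value contains all four selectable curve names (P-256, P-256K, P-384, P-521), so the list must be narrowed at assignment time to restrict any of them.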
Roles used none
Policy Changes
Date/Time (UTC ymd) Change Change detail
2019-11-02 10:12:34 add: Policy bd78111f-4953-4367-9fd5-7e08808b54bf
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
  "displayName": "[Preview]: Manage allowed curve names for elliptic curve cryptography certificates",
    "policyType": "BuiltIn",
    "mode": "Microsoft.KeyVault.Data",
    "description": "This policy manages the allowed elliptic curve names for elliptic curve cryptography certificates.",
    "metadata": {
      "version": "1.0.1-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "allowedECNames": {
        "type": "Array",
        "metadata": {
        "displayName": "[Preview]: Allowed elliptic curve names",
          "description": "The list of allowed curve names for elliptic curve cryptography certificates."
        },
        "allowedValues": [
          "P-256",
          "P-256K",
          "P-384",
          "P-521"
        ],
        "defaultValue": [
          "P-256",
          "P-256K",
          "P-384",
          "P-521"
        ]
      },
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect",
          "description": "'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy."
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType",
            "in": [
              "EC",
              "EC-HSM"
            ]
          },
          {
            "field": "Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName",
          "notIn": "[parameters('allowedECNames')]"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "bd78111f-4953-4367-9fd5-7e08808b54bf"
}