last sync: 2025-May-12 17:30:45 UTC

Audit when a given service principal is not assigned to the Key Vault data plane

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Display name Audit when a given service principal is not assigned to the Key Vault data plane
Id bd9473dd-0ab1-45a0-9776-ad76482b93e6
Version 1.0.0
Category Key Vault
Description Audit when a specified AAD object is not granted permissions to secrets, certs, or keys stored in a Key Vault through data plane access policies. This policy will not validate the permissions granted by the access policy, only the existence of at least one access policy for that object.
Mode All
Type Custom Community
Effect Default: Audit; Allowed: Audit, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Keyvault/vaults/accessPolicies[*].objectId Microsoft.KeyVault vaults properties.accessPolicies[*].objectId True True
Rule resource types IF (1)
Microsoft.KeyVault/vaults