last sync: 2020-Jul-02 13:28:37 UTC

Azure Policy

[Preview]: Manage minimum key size for RSA certificates

Policy DisplayName [Preview]: Manage minimum key size for RSA certificates
Policy Id cee51871-e572-4576-855c-047c820360f0
Policy Category Key Vault
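Policy Description This policy manages the minimum key size for RSA certificates. (As the rule below shows, a certificate with key type RSA or RSA-HSM is non-compliant when its key size is less than the minimumRSAKeySize chosen at assignment — 2048, 3072 or 4096, with no default value; under the default audit effect such a certificate is only flagged, and it is blocked only when the effect is set to deny.)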
Policy Mode Microsoft.KeyVault.Data
Policy Type BuiltIn
Policy in Preview True
Policy Deprecated FALSE
Policy Effect Default: audit
Allowed: (audit,deny,disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2019-11-19 11:26:09 change: DisplayName previous DisplayName: [Preview]: Certificate key sizes should be sufficiently large
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
  "displayName": "[Preview]: Manage minimum key size for RSA certificates",
    "policyType": "BuiltIn",
    "mode": "Microsoft.KeyVault.Data",
    "description": "This policy manages the minimum key size for RSA certificates.",
    "metadata": {
      "version": "1.0.1-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "minimumRSAKeySize": {
        "type": "Integer",
        "metadata": {
        "displayName": "[Preview]: Minimum RSA key size",
          "description": "The minimum key size for RSA certificates."
        },
        "allowedValues": [
          2048,
          3072,
          4096
        ]
      },
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect",
          "description": "'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy."
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType",
            "in": [
              "RSA",
              "RSA-HSM"
            ]
          },
          {
            "field": "Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize",
          "less": "[parameters('minimumRSAKeySize')]"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "cee51871-e572-4576-855c-047c820360f0"
}