AzPolicyAdvertizer

last sync: 2025-May-23 18:27:10 UTC

[Preview]: Configure Azure Key Vault Managed HSM with private endpoints

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Preview]: Configure Azure Key Vault Managed HSM with private endpoints

d1d6d8bb-cc7c-420f-8c7d-6f6f5279a844

Version

1.0.0-preview
Details on versioning

Versioning

Versions supported for Versioning: 1
1.0.0-preview
Built-in Versioning [Preview]

Category

Key Vault
Microsoft Learn

Description

Private endpoints connect your virtual networks to Azure services without a public IP address at the source or destination. By mapping private endpoints to Azure Key Vault Managed HSM, you can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/key-vault/managed-hsm/private-link.

Cloud environments

AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown

Available in AzUSGov

Unknown, no evidence if Policy definition is/not available in AzureUSGovernment

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

False

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC role(s)

Role Name	Role Id
Network Contributor	4d97b98b-1d4f-4787-a291-c67834d212e7
Managed HSM contributor	18500a29-7fe2-46b2-a342-b16a415e101d

Rule aliases

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.KeyVault/managedHSMs/privateEndpointConnections/privateLinkServiceConnectionState.status	Microsoft.KeyVault	managedHSMs/privateEndpointConnections	properties.privateLinkServiceConnectionState.status	True		False

Rule resource types

IF (1)

Microsoft.KeyVault/managedHSMs

THEN-Deployment (2)

Microsoft.Network/privateEndpoints
Microsoft.Resources/deployments

Compliance

Not a Compliance control

Initiatives usage

none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-08-23 14:26:16	add	d1d6d8bb-cc7c-420f-8c7d-6f6f5279a844

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC