last sync: 2020-Sep-22 14:52:15 UTC

Azure Policy

[Preview]: Certificates should not expire within the specified number of days

Policy DisplayName: [Preview]: Certificates should not expire within the specified number of days
Policy Id: f772fb64-8e40-40ad-87bc-7706e1949427
Policy Category: Key Vault
Policy Description: Manage certificates that will expire within a specified number of days to ensure your organization has sufficient time to rotate the certificate prior to expiration.
Policy Mode: Microsoft.KeyVault.Data
Policy Type: BuiltIn
Policy in Preview: True
Policy Deprecated: FALSE
Policy Effect: Default: audit; Allowed: (audit,deny,disabled)
Roles used: none
Policy Changes:
Date/Time (UTC ymd) | Change | Change detail
2020-09-02 14:03:46 | change: DisplayName | previous DisplayName: [Preview]: Manage certificates that are within a specified number of days of expiration
2019-11-19 11:26:09 | change: DisplayName | previous DisplayName: [Preview]: Certificates should not expire in the specified number of days
Used in Policy Initiative(s): none
Policy Rule
{
  "properties": {
    "displayName": "[Preview]: Certificates should not expire within the specified number of days",
    "policyType": "BuiltIn",
    "mode": "Microsoft.KeyVault.Data",
    "description": "Manage certificates that will expire within a specified number of days to ensure your organization has sufficient time to rotate the certificate prior to expiration.",
    "metadata": {
      "version": "2.0.0-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "daysToExpire": {
        "type": "Integer",
        "metadata": {
          "displayName": "[Preview]: Days to expire",
          "description": "The number of days for a certificate to expire."
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "[Preview]: Effect",
          "description": "'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy."
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault.Data/vaults/certificates"
          },
          {
            "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn",
            "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "f772fb64-8e40-40ad-87bc-7706e1949427"
}