last sync: 2024-Apr-24 17:47:19 UTC

Enforce recommended guardrails for Azure Key Vault

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source repository: Azure Landing Zones (ALZ) GitHub
JSON: Enforce-Guardrails-KeyVault
Display name: Enforce recommended guardrails for Azure Key Vault
Id: Enforce-Guardrails-KeyVault
Version: 1.0.0
Category: Key Vault
Description: Enforce recommended guardrails for Azure Key Vault.
Type: Custom Azure Landing Zones (ALZ)
Deprecated: False
Preview: False
Policy count: Total Policies: 8 (Builtin Policies: 8, Static Policies: 0, ALZ Policies: 0)
Policies used

| Policy DisplayName | Policy Id | Category | Default effect | Allowed effects | Roles # | Roles | State | Type |
|---|---|---|---|---|---|---|---|---|
| Azure Key Vault should have firewall enabled | 55615ac9-af46-4a59-874e-391cc3dfb490 | Key Vault | Audit | Audit, Deny, Disabled | 0 | none | GA | BuiltIn |
| Certificates should have the specified lifetime action triggers | 12ef42cb-9903-4e39-9c26-422d29570417 | Key Vault | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | none | GA | BuiltIn |
| Key Vault keys should have an expiration date | 152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 | Key Vault | Audit | Audit, Deny, Disabled | 0 | none | GA | BuiltIn |
| Key Vault secrets should have an expiration date | 98728c90-32c7-4049-8429-847dc0f4fe37 | Key Vault | Audit | Audit, Deny, Disabled | 0 | none | GA | BuiltIn |
| Key vaults should have deletion protection enabled | 0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 | Key Vault | Audit | Audit, Deny, Disabled | 0 | none | GA | BuiltIn |
| Key vaults should have soft delete enabled | 1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d | Key Vault | Audit | Audit, Deny, Disabled | 0 | none | GA | BuiltIn |
| Keys should have more than the specified number of days before expiration | 5ff38825-c5d8-47c5-b70e-069a21955146 | Key Vault | Audit | Audit, Deny, Disabled | 0 | none | GA | BuiltIn |
| Secrets should have more than the specified number of days before expiration | b0eb591a-5e70-4534-a8bf-04b9c489584a | Key Vault | Audit | Audit, Deny, Disabled | 0 | none | GA | BuiltIn |
Roles used: none
History: none