AzInitiativeAdvertizer

last sync: 2023-Sep-29 17:58:50 UTC

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source

Display name

Enforce recommended guardrails for Azure Key Vault

Enforce-Guardrails-KeyVault

Version

Category

Description

Enforce recommended guardrails for Azure Key Vault.

Type

Custom Azure Landing Zones (ALZ)

Deprecated

False

Preview

False

Policy count

Total Policies: 8
Builtin Policies: 8
Static Policies: 0
ALZ Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	State	Type
Azure Key Vault should have firewall enabled	55615ac9-af46-4a59-874e-391cc3dfb490	Key Vault	Default Audit Allowed Audit, Deny, Disabled	GA	BuiltIn
Certificates should have the specified lifetime action triggers	12ef42cb-9903-4e39-9c26-422d29570417	Key Vault	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA	BuiltIn
Key Vault keys should have an expiration date	152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0	Key Vault	Default Audit Allowed Audit, Deny, Disabled	GA	BuiltIn
Key Vault secrets should have an expiration date	98728c90-32c7-4049-8429-847dc0f4fe37	Key Vault	Default Audit Allowed Audit, Deny, Disabled	GA	BuiltIn
Key vaults should have deletion protection enabled	0b60c0b2-2dc2-4e1c-b5c9-abbed971de53	Key Vault	Default Audit Allowed Audit, Deny, Disabled	GA	BuiltIn
Key vaults should have soft delete enabled	1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d	Key Vault	Default Audit Allowed Audit, Deny, Disabled	GA	BuiltIn
Keys should have more than the specified number of days before expiration	5ff38825-c5d8-47c5-b70e-069a21955146	Key Vault	Default Audit Allowed Audit, Deny, Disabled	GA	BuiltIn
Secrets should have more than the specified number of days before expiration	b0eb591a-5e70-4534-a8bf-04b9c489584a	Key Vault	Default Audit Allowed Audit, Deny, Disabled	GA	BuiltIn

Roles used

No Roles used

History

none

JSON compare

n/a

JSON