last sync: 2020-Dec-03 15:30:53 UTC

Azure Policy Initiative

[Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days

Name[Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days
Azure Portal
Idb6f5e05c-0aaa-4337-8dd4-357c399d12ae
Version1.0.0-deprecated
details on versioning
CategoryGuest Configuration
Microsoft docs
DescriptionThis initiative deploys the policy requirements and audits Windows virtual machines that contain certificates expiring within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
TypeBuiltIn
DeprecatedTrue
PreviewFalse
History
Date/Time (UTC ymd) (i) Changes
2020-09-09 11:24:08 Name change: 'Audit Windows VMs that contain certificates expiring within the specified number of days' to '[Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days'
2020-06-11 19:46:04 Name change: '[Preview]: Audit Windows VMs that contain certificates expiring within the specified number of days' to 'Audit Windows VMs that contain certificates expiring within the specified number of days'
Policy count Total Policies: 2
Builtin Policies: 2
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect State
[Deprecated]: Deploy prerequisites to audit Windows VMs that contain certificates expiring within the specified number of days c5fbc59e-fb6f-494f-81e2-d99a671bdaa8 Guest Configuration Fixed: deployIfNotExists Deprecated
[Deprecated]: Show audit results from Windows VMs that contain certificates expiring within the specified number of days 9328f27e-611e-44a7-a244-39109d7d35ab Guest Configuration Fixed: auditIfNotExists Deprecated
Json
{
  "properties": {
  "displayName": "[Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days",
    "policyType": "BuiltIn",
    "description": "This initiative deploys the policy requirements and audits Windows virtual machines that contain certificates expiring within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Guest Configuration",
      "deprecated": true
    },
    "parameters": {
      "CertificateStorePath": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Certificate store path",
          "description": "The path to the certificate store containing the certificates to check the expiration dates of. Default value is 'Cert:' which is the root certificate store path, so all certificates on the machine will be checked. Other example paths: 'Cert:\\LocalMachine', 'Cert:\\LocalMachine\\TrustedPublisher', 'Cert:\\CurrentUser'"
        },
        "defaultValue": "Cert:"
      },
      "ExpirationLimitInDays": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Expiration limit in days",
          "description": "An integer indicating the number of days within which to check for certificates that are expiring. For example, if this value is 30, any certificate expiring within the next 30 days will cause this policy to be non-compliant."
        },
        "defaultValue": "30"
      },
      "CertificateThumbprintsToInclude": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Certificate thumbprints to include",
          "description": "A semicolon-separated list of certificate thumbprints to check under the specified path. If a value is not specified, all certificates under the certificate store path will be checked. If a value is specified, no certificates other than those with the thumbprints specified will be checked. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"
        },
        "defaultValue": ""
      },
      "CertificateThumbprintsToExclude": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Certificate thumbprints to exclude",
          "description": "A semicolon-separated list of certificate thumbprints to ignore. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"
        },
        "defaultValue": ""
      },
      "IncludeExpiredCertificates": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Include expired certificates",
          "description": "Must be 'true' or 'false'. True indicates that any found certificates that have already expired will also make this policy non-compliant. False indicates that certificates that have expired will be be ignored."
        },
        "allowedValues": [
          "true",
          "false"
        ],
        "defaultValue": "false"
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "Deploy_CertificateExpiration",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8",
        "parameters": {
          "CertificateStorePath": {
          "value": "[parameters('CertificateStorePath')]"
          },
          "ExpirationLimitInDays": {
          "value": "[parameters('ExpirationLimitInDays')]"
          },
          "CertificateThumbprintsToInclude": {
          "value": "[parameters('CertificateThumbprintsToInclude')]"
          },
          "CertificateThumbprintsToExclude": {
          "value": "[parameters('CertificateThumbprintsToExclude')]"
          },
          "IncludeExpiredCertificates": {
          "value": "[parameters('IncludeExpiredCertificates')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Audit_CertificateExpiration",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/b6f5e05c-0aaa-4337-8dd4-357c399d12ae",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "b6f5e05c-0aaa-4337-8dd4-357c399d12ae"
}