last sync: 2020-Sep-21 13:43:23 UTC

Azure Policy Initiative

[Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days

Initiative DisplayName [Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days
Initiative Id b6f5e05c-0aaa-4337-8dd4-357c399d12ae
Initiative Category Guest Configuration
Initiative Description This initiative deploys the policy requirements and audits Windows virtual machines that contain certificates expiring within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
Initiative Type BuiltIn
Initiative Changes
Date/Time (UTC ymd) (i) Change(s)
2020-09-09 11:24:08 change DisplayName Name change: 'Audit Windows VMs that contain certificates expiring within the specified number of days' to '[Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days'
2020-06-11 19:46:04 change DisplayName Name change: '[Preview]: Audit Windows VMs that contain certificates expiring within the specified number of days' to 'Audit Windows VMs that contain certificates expiring within the specified number of days'
Initiative Policies count Total Policies: 2
Builtin Policies: 2/2
Static Policies: 0/2
Initiative Policies
Policy DisplayName Policy Id
[Deprecated]: Deploy prerequisites to audit Windows VMs that contain certificates expiring within the specified number of days c5fbc59e-fb6f-494f-81e2-d99a671bdaa8
[Deprecated]: Show audit results from Windows VMs that contain certificates expiring within the specified number of days 9328f27e-611e-44a7-a244-39109d7d35ab
Initiative Rule
{
  "properties": {
  "displayName": "[Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days",
    "policyType": "BuiltIn",
    "description": "This initiative deploys the policy requirements and audits Windows virtual machines that contain certificates expiring within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Guest Configuration",
      "deprecated": true
    },
    "parameters": {
      "CertificateStorePath": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Certificate store path",
          "description": "The path to the certificate store containing the certificates to check the expiration dates of. Default value is 'Cert:' which is the root certificate store path, so all certificates on the machine will be checked. Other example paths: 'Cert:\\LocalMachine', 'Cert:\\LocalMachine\\TrustedPublisher', 'Cert:\\CurrentUser'"
        },
        "defaultValue": "Cert:"
      },
      "ExpirationLimitInDays": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Expiration limit in days",
          "description": "An integer indicating the number of days within which to check for certificates that are expiring. For example, if this value is 30, any certificate expiring within the next 30 days will cause this policy to be non-compliant."
        },
        "defaultValue": "30"
      },
      "CertificateThumbprintsToInclude": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Certificate thumbprints to include",
          "description": "A semicolon-separated list of certificate thumbprints to check under the specified path. If a value is not specified, all certificates under the certificate store path will be checked. If a value is specified, no certificates other than those with the thumbprints specified will be checked. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"
        },
        "defaultValue": ""
      },
      "CertificateThumbprintsToExclude": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Certificate thumbprints to exclude",
          "description": "A semicolon-separated list of certificate thumbprints to ignore. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"
        },
        "defaultValue": ""
      },
      "IncludeExpiredCertificates": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Include expired certificates",
          "description": "Must be 'true' or 'false'. True indicates that any found certificates that have already expired will also make this policy non-compliant. False indicates that certificates that have expired will be be ignored."
        },
        "allowedValues": [
          "true",
          "false"
        ],
        "defaultValue": "false"
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "Deploy_CertificateExpiration",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8",
        "parameters": {
          "CertificateStorePath": {
          "value": "[parameters('CertificateStorePath')]"
          },
          "ExpirationLimitInDays": {
          "value": "[parameters('ExpirationLimitInDays')]"
          },
          "CertificateThumbprintsToInclude": {
          "value": "[parameters('CertificateThumbprintsToInclude')]"
          },
          "CertificateThumbprintsToExclude": {
          "value": "[parameters('CertificateThumbprintsToExclude')]"
          },
          "IncludeExpiredCertificates": {
          "value": "[parameters('IncludeExpiredCertificates')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Audit_CertificateExpiration",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/b6f5e05c-0aaa-4337-8dd4-357c399d12ae",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "b6f5e05c-0aaa-4337-8dd4-357c399d12ae"
}