| Policy DisplayName |
Policy Id |
Category |
Effect |
Roles# |
Roles |
State |
Type |
| [Preview]: Azure Key Vault Managed HSM keys should have an expiration date |
1d478a74-21ba-4b9f-9d8f-8e6fced0eec5 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
Preview |
BuiltIn |
| [Preview]: Azure Key Vault Managed HSM Keys should have more than the specified number of days before expiration |
ad27588c-0198-4c84-81ef-08efd0274653 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
Preview |
BuiltIn |
| [Preview]: Azure Key Vault Managed HSM keys using elliptic curve cryptography should have the specified curve names |
e58fd0c1-feac-4d12-92db-0a7e9421f53e |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
Preview |
BuiltIn |
| [Preview]: Azure Key Vault Managed HSM keys using RSA cryptography should have a specified minimum key size |
86810a98-8e91-4a44-8386-ec66d0de5d57 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
Preview |
BuiltIn |
| Azure Key Vault Managed HSM should have purge protection enabled |
c39ba22d-4428-4149-b981-70acb31fc383 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Azure Key Vault should have firewall enabled |
55615ac9-af46-4a59-874e-391cc3dfb490 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Azure Key Vault should use RBAC permission model |
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Certificates should be issued by the specified integrated certificate authority |
8e826246-c976-48f6-b03e-619bb92b3d82 |
Key Vault |
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled |
0 |
|
GA |
BuiltIn |
| Certificates should be issued by the specified non-integrated certificate authority |
a22f4a40-01d3-4c7d-8071-da157eeff341 |
Key Vault |
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled |
0 |
|
GA |
BuiltIn |
| Certificates should have the specified lifetime action triggers |
12ef42cb-9903-4e39-9c26-422d29570417 |
Key Vault |
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled |
0 |
|
GA |
BuiltIn |
| Certificates should have the specified maximum validity period |
0a075868-4c26-42ef-914c-5bc007359560 |
Key Vault |
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled |
0 |
|
GA |
BuiltIn |
| Certificates should not expire within the specified number of days |
f772fb64-8e40-40ad-87bc-7706e1949427 |
Key Vault |
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled |
0 |
|
GA |
BuiltIn |
| Certificates should use allowed key types |
1151cede-290b-4ba0-8b38-0ad145ac888f |
Key Vault |
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled |
0 |
|
GA |
BuiltIn |
| Certificates using elliptic curve cryptography should have allowed curve names |
bd78111f-4953-4367-9fd5-7e08808b54bf |
Key Vault |
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled |
0 |
|
GA |
BuiltIn |
| Certificates using RSA cryptography should have the specified minimum key size |
cee51871-e572-4576-855c-047c820360f0 |
Key Vault |
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled |
0 |
|
GA |
BuiltIn |
| Key Vault keys should have an expiration date |
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Key Vault secrets should have an expiration date |
98728c90-32c7-4049-8429-847dc0f4fe37 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Key vaults should have deletion protection enabled |
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Key vaults should have soft delete enabled |
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Keys should be the specified cryptographic type RSA or EC |
75c4f823-d65c-4f29-a733-01d0077fdbcb |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Keys should have more than the specified number of days before expiration |
5ff38825-c5d8-47c5-b70e-069a21955146 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Keys should have the specified maximum validity period |
49a22571-d204-4c91-a7b6-09b1a586fbc9 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Keys should not be active for longer than the specified number of days |
c26e4b24-cf98-4c67-b48b-5a25c4c69eb9 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Keys using elliptic curve cryptography should have the specified curve names |
ff25f3c8-b739-4538-9d07-3d6d25cfb255 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Keys using RSA cryptography should have a specified minimum key size |
82067dbb-e53b-4e06-b631-546d197452d9 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Secrets should have content type set |
75262d3e-ba4a-4f43-85f8-9f72c090e5e3 |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Secrets should have more than the specified number of days before expiration |
b0eb591a-5e70-4534-a8bf-04b9c489584a |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Secrets should have the specified maximum validity period |
342e8053-e12e-4c44-be01-c3c2f318400f |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |
| Secrets should not be active for longer than the specified number of days |
e8d99835-8a06-45ae-a8e0-87a91941ccfe |
Key Vault |
Default
Audit
Allowed
Audit, Deny, Disabled |
0 |
|
GA |
BuiltIn |