This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 28.000000000000004%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
I am trying to implement azure custom policy for key vault where I want to enforce user to enable nbf and exp, without that it shouldn't be allowed. It directly comes as compliance without showing any resource validation. There is also no reference of activity logs and event in azure policy and Keyvault.
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.KeyVault/vaults"
},
{
"anyOf": [
{
"field": "Microsoft.KeyVault/vaults/secrets/attributes.enabled",
"notEquals": "true"
},
{
"field": "Microsoft.KeyVault/vaults/secrets/attributes.nbf",
"equals": "null"
},
{
"field": "Microsoft.KeyVault/vaults/secrets/attributes.exp",
"equals": "null"
},
]
}
]
},
"then": {
"effect": "Deny"
}
Hi @nimishmehta8779 , as this is a custom policy , the best channel to assist will be our Azure technical support. Requests for technical support require a support plan.
If you do not have a support plan, send mail to AzCommunity@microsoft.com including your subscirption ID and a link to this post/thread for reference and we will gladly assist you further.
Also wanted to confirm your customization is based on the Azure Policy integration with Key vault described here.
Looking forward to your repsonse,
Cheers.
Key Vault keys and secrets are current not available for enforcement. Built-in policies will be available in the next month or so. Custom policies don't have an ETA at the moment.