What is the significance of the Certificate thumbprints parameter when enabling a policy initiative in Azure Policy?

Hilliard, Joel (10230) 20 Reputation points

Working in a development environment in Azure, with no resources yet deployed. The goal is to understand how to apply the HIPAA/HITRUST Initiative and how that process will play out, what is required, planning, etc. When attempting to assign the initiative to my current resource group, I am prompted for the certificate thumbprints and cannot go further. Looking to understand what the process is asking for and where this would apply in a production environment?

Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.

Accepted answer
  1. SwathiDhanwada-MSFT 12,741 Reputation points

    Hilliard, Joel (10230) Welcome to Microsoft Q & A Community Forum. When you attempt to assign the HIPAA/HITRUST Initiative to your resource group, you are prompted for the certificate thumbprints because the initiative includes policies that require certificate-based authentication for certain Azure services. The certificate thumbprints are used to authenticate the policies that require this type of authentication.

    As part of the compliance controls within the HIPAA initiative, protocols used to communicate between all involved parties are secured using cryptographic techniques (e.g. SSL, certificate). The "Audit Windows machines that do not contain the specified certificates in Trusted Root" policy definition, which is part of the HIPAA initiative, audits whether the machine's Trusted Root certificate store (Cert:\LocalMachine\Root) contains one or more of the certificates listed by the policy parameter to verify the compliance of machines.

    For more information on the policy definition, refer to this link.

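The lookup in Cert:\LocalMachine\Root that the accepted answer describes can be rehearsed locally before a thumbprint list is entered at assignment time. This is an added example, not part of the original answer and not Microsoft's policy code; the function name `Test-TrustedRootThumbprint` is hypothetical, and the semicolon-separated parameter format is an assumption.

```powershell
# Added example: pre-check a value planned for the certificate thumbprints parameter
# against the local Trusted Root store. Assumes a ';'-separated list of thumbprints.
function Test-TrustedRootThumbprint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ParameterValue,
        [string]$StorePath = 'Cert:\LocalMachine\Root'
    )

    # Index the store once by thumbprint (the provider returns uppercase hex).
    $store = @{}
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $store[$cert.Thumbprint] = $cert
    }

    foreach ($raw in $ParameterValue -split ';') {
        # Strip whitespace and invisible format characters (such as U+200E) that can
        # come along when a thumbprint is copied from the certificate dialog.
        $thumb = ($raw -replace '[\s\p{Cf}]', '').ToUpperInvariant()
        if (-not $thumb) { continue }   # empty entry, e.g. a trailing ';'

        $match = $store[$thumb]
        [pscustomobject]@{
            Thumbprint = $thumb
            WellFormed = $thumb -match '^[0-9A-F]{40}$'   # SHA-1 thumbprint: 40 hex characters
            InStore    = [bool]$match
            Subject    = if ($match) { $match.Subject } else { $null }
            NotAfter   = if ($match) { $match.NotAfter } else { $null }
        }
    }
}

# Constructed sample input: one thumbprint taken from this machine's own store
# (so it is present) and one all-zero thumbprint (so it is reported as missing).
$present = (Get-ChildItem -Path 'Cert:\LocalMachine\Root' | Select-Object -First 1).Thumbprint
$sample  = "$present; " + ('0' * 40) + ';'

Test-TrustedRootThumbprint -ParameterValue $sample | Format-Table -AutoSize
```

Entries reported with `WellFormed` set to false usually point to a copy-and-paste problem in the list rather than a missing certificate.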