Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License

"Microsoft.KeyVault.Data" not supported for custom policies #1331

Open lindbeck opened 4 months ago

lindbeck commented 4 months ago

Details of the scenario you tried and the problem that is occurring

When creating a custom policy that includes "Microsoft.KeyVault.Data", an error is returned.

This is a problem for us as Microsoft 365 requires customer keys to never expire, therefore we want to create a custom policy that denies creation of keys with an expiration date to mitigate the risk of human error leading to creation of keys with expiration set.

Verbose logs showing the problem

The provider 'Microsoft.KeyVault.Data' referenced by the 'field' property 'Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn' of the policy rule doesn't exist. (Code:InvalidProviderNameInPolicyAlias)

Suggested solution to the issue

Bring support for "Microsoft.KeyVault.Data" in custom policies.

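The custom definition this issue describes, written out as an added example (it is not code from the original post or from the azure-policy repository): it inverts the built-in "keys should have an expiration date" check by using `exists: true` on the alias quoted in the error above, so a key created with `expiresOn` set is denied. The display name, description and effect parameter are my own choices; per the thread, submitting a custom definition in this mode is currently rejected with InvalidProviderNameInPolicyAlias, so this is the definition the request is asking Azure Policy to accept.

```json
{
  "properties": {
    "displayName": "Deny Key Vault keys that have an expiration date",
    "policyType": "Custom",
    "mode": "Microsoft.KeyVault.Data",
    "description": "Denies creation of keys with expiresOn set, so keys intended as non-expiring Microsoft 365 customer keys cannot be created with an expiry by mistake.",
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit first when rolling out, then switch to Deny."
        },
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Deny"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault.Data/vaults/keys"
          },
          {
            "field": "Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn",
            "exists": true
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Scope the assignment to the vaults that hold customer keys rather than the whole subscription, since other workloads usually want the opposite rule (keys must expire).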

pklaudat commented 2 months ago

Any news on this? Need it asap, not only for key vault, but for any other resource provider not available today, such as microsoft.network.data (used by AVNM).

lindbeck commented 2 months ago

@pklaudat It seems that both of these are now supported according to the documentation: https://learn.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure-basics#resource-provider-modes

I have not verified this myself, however, but it will be interesting to see if it works!

EDIT: Nevermind, I didn't read the article properly. This is old info that just states that they are supported for built-in policy. Sorry if I got your hopes up 😄

GabrielPrzybysz commented 2 months ago

I'm experiencing the same issue. Are there any updates on this?

giladof commented 3 weeks ago

I agree, this needs to be addressed asap