PIM settings script #99024

Script for management group overview #97859
2026-02-27 18:52:18 +01:00 · 2024-04-18 09:00:04 +02:00
parent c91b0f0908
commit 5003d32cad
8 changed files with 378 additions and 4 deletions
--- a/Policies/key
+++ b/Policies/key
@@ -0,0 +1,65 @@
+{
+  "properties": {
+    "displayName": "Key Vault should be in RBAC authentication mode.",
+    "policyType": "Custom",
+    "mode": "All",
+    "description": "This policy allows enforcing RBAC authentication for Key Vault.",
+    "metadata": {
+      "category": "Key Vault",
+      "createdBy": "c6025a2e-416c-42da-96ef-dd507382793a",
+      "createdOn": "2024-04-12T14:36:53.5411731Z",
+      "updatedBy": null,
+      "updatedOn": null
+    },
+    "version": "1.0.0",
+    "parameters": {
+      "effect": {
+        "type": "String",
+        "metadata": {
+          "displayName": "Effect",
+          "description": "Enable or disable the execution of the policy"
+        },
+        "allowedValues": [
+          "audit",
+          "deny",
+          "disabled"
+        ],
+        "defaultValue": "audit"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "field": "type",
+            "equals": "Microsoft.KeyVault/vaults"
+          },
+          {
+            "not":
+            {
+              "field": "Microsoft.KeyVault/vaults/enableRbacAuthorization",
+              "equals": "true"
+            }
+          }
+        ]
+      },
+      "then": {
+        "effect": "[parameters('effect')]"
+      }
+    },
+    "versions": [
+      "1.0.0"
+    ]
+  },
+  "id": "/providers/Microsoft.Management/managementGroups/ManagementGroup_SurveySoftware/providers/Microsoft.Authorization/policyDefinitions/e889bb98-9f0c-4bec-8c72-6019781549e5",
+  "type": "Microsoft.Authorization/policyDefinitions",
+  "name": "e889bb98-9f0c-4bec-8c72-6019781549e5",
+  "systemData": {
+    "createdBy": "jurjen.ladenius@effectory.com",
+    "createdByType": "User",
+    "createdAt": "2024-04-12T14:36:53.5414063Z",
+    "lastModifiedBy": "jurjen.ladenius@effectory.com",
+    "lastModifiedByType": "User",
+    "lastModifiedAt": "2024-04-12T14:36:53.5414063Z"
+  }
+}