{
  "properties": {
    "displayName": "Key Vault should be in RBAC authentication mode.",
    "policyType": "Custom",
    "mode": "All",
    "description": "This policy allows enforcing RBAC authentication for Key Vault.",
    "metadata": {
      "category": "Key Vault",
      "createdBy": "c6025a2e-416c-42da-96ef-dd507382793a",
      "createdOn": "2024-04-12T14:36:53.5411731Z",
      "updatedBy": null,
      "updatedOn": null
    },
    "version": "1.0.0",
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault/vaults"
          },
          {
            "not":
            {
              "field": "Microsoft.KeyVault/vaults/enableRbacAuthorization",
              "equals": "true"
            }
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    },
    "versions": [
      "1.0.0"
    ]
  },
  "id": "/providers/Microsoft.Management/managementGroups/ManagementGroup_SurveySoftware/providers/Microsoft.Authorization/policyDefinitions/e889bb98-9f0c-4bec-8c72-6019781549e5",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "e889bb98-9f0c-4bec-8c72-6019781549e5",
  "systemData": {
    "createdBy": "jurjen.ladenius@effectory.com",
    "createdByType": "User",
    "createdAt": "2024-04-12T14:36:53.5414063Z",
    "lastModifiedBy": "jurjen.ladenius@effectory.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-04-12T14:36:53.5414063Z"
  }
}