/
HealthBot_CustomerManagedKey_Audit.json
50 lines (50 loc) · 1.71 KB
/
HealthBot_CustomerManagedKey_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
{
"properties": {
"displayName": "Azure Health Bots should use customer-managed keys to encrypt data at rest",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Use customer-managed keys (CMK) to manage the encryption at rest of the data of your healthbots. By default, the data is encrypted at rest with service-managed keys, but CMK are commonly required to meet regulatory compliance standards. CMK enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more at https://docs.microsoft.com/azure/health-bot/cmk",
"metadata": {
"version": "1.0.0",
"category": "Health Bot"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "The desired effect of the policy"
},
"allowedValues": [
"Audit",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.HealthBot/healthBots"
},
{
"field": "Microsoft.HealthBot/healthBots/keyVaultProperties.keyVaultUri",
"exists": "false"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/4d080fa5-a6d2-4f98-ba9c-f482d0d335c0",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "4d080fa5-a6d2-4f98-ba9c-f482d0d335c0"
}