From 17cffd10f317ace8253b7b7f79bd65d559e6772d Mon Sep 17 00:00:00 2001
From: Arash Rezai <157028889+arrerezai@users.noreply.github.com>
Date: Fri, 24 Oct 2025 16:37:49 +0200
Subject: [PATCH 1/2] Update Enforce-Guardrails-KeyVault.json

It's called Hardware Security Module, hence HSM (and not HMS).
---
 .../Enforce-Guardrails-KeyVault.json | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
index 9d4fb93156..28adf9f950 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
@@ -223,7 +223,7 @@
 "Disabled"
 ]
 },
- "keyVaultHmsPurgeProtection": {
+ "keyVaultHsmPurgeProtection": {
 "type": "string",
 "defaultValue": "Deny",
 "allowedValues": [
@@ -248,7 +248,7 @@
 "type": "integer",
 "defaultValue": 12
 },
- "keyVaultHmsKeysExpiration": {
+ "keyVaultHsmKeysExpiration": {
 "type": "string",
 "defaultValue": "Deny",
 "allowedValues": [
@@ -412,7 +412,7 @@
 "type": "integer",
 "defaultValue": 90
 },
- "keyVaultHmsCurveNames": {
+ "keyVaultHsmCurveNames": {
 "type": "string",
 "defaultValue": "Deny",
 "allowedValues": [
@@ -421,7 +421,7 @@
 "Disabled"
 ]
 },
- "keyVaultHmsCurveNamesValue": {
+ "keyVaultHsmCurveNamesValue": {
 "type": "array",
 "defaultValue": [
 "P-256",
@@ -603,12 +603,12 @@
 },
 {
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383",
- "policyDefinitionReferenceId": "Deny-KV-Hms-PurgeProtection",
+ "policyDefinitionReferenceId": "Deny-KV-Hsm-PurgeProtection",
 "definitionVersion": "1.*.*",
 "groupNames": [],
 "parameters": {
 "effect": {
- "value": "[[parameters('keyVaultHmsPurgeProtection')]"
+ "value": "[[parameters('keyVaultHsmPurgeProtection')]"
 }
 }
 },
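Review bot: Renaming the initiative parameter `keyVaultHmsPurgeProtection` in the `@@ -223` hunk (and `keyVaultHmsKeysExpiration`, `keyVaultHmsCurveNames`, `keyVaultHmsCurveNamesValue` in the `@@ -248`, `@@ -412` and `@@ -421` hunks) changes the set's public interface, and the patch touches only this one file. Any assignment or parameter file that still passes the old `Hms` names is not visible here; such a value would presumably no longer bind, so a deliberate override would either fail deployment or give way to the `"defaultValue": "Deny"` shown for the three effect parameters. Worth updating those callers in the same change and listing the four renames as breaking in the release notes, since patch 2/2's bump to `"version": "2.3.0"` reads as a compatible minor change. The parameter objects continue outside each hunk.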
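Review bot: The `policyDefinitionReferenceId` values changed in the `@@ -603` and `@@ -628` hunks are identifiers rather than display text: policy exemptions (`policyDefinitionReferenceIds`) and assignment non-compliance messages key on them. An exemption scoped to `Deny-KV-Hms-PurgeProtection` or `Deny-KV-Hms-Key-Expire` would likely stop matching after this rename, so resources that were deliberately exempted may fall back under the Deny effect, or the exemption may fail validation. Consider leaving the reference IDs as they were, e.g. `"policyDefinitionReferenceId": "Deny-KV-Hms-PurgeProtection"`, and correcting only the parameter names, or documenting the ID change so operators can re-create exemptions. The reference ID of the entry in the `@@ -797` hunk lies outside that hunk, so whether it carries the same spelling cannot be told from here.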
@@ -628,12 +628,12 @@
 },
 {
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5",
- "policyDefinitionReferenceId": "Deny-KV-Hms-Key-Expire",
+ "policyDefinitionReferenceId": "Deny-KV-Hsm-Key-Expire",
 "definitionVersion": "1.*.*-preview",
 "groupNames": [],
 "parameters": {
 "effect": {
- "value": "[[parameters('keyVaultHmsKeysExpiration')]"
+ "value": "[[parameters('keyVaultHsmKeysExpiration')]"
 }
 }
 },
@@ -797,10 +797,10 @@
 "groupNames": [],
 "parameters": {
 "effect": {
- "value": "[[parameters('keyVaultHmsCurveNames')]"
+ "value": "[[parameters('keyVaultHsmCurveNames')]"
 },
 "allowedECNames": {
- "value": "[[parameters('keyVaultHmsCurveNamesValue')]"
+ "value": "[[parameters('keyVaultHsmCurveNamesValue')]"
 }
 }
 },
@@ -821,4 +821,4 @@
 ],
 "policyDefinitionGroups": null
 }
-}
\ No newline at end of file
+}

From a8929407e77c46317264a5cee750d491615fb478 Mon Sep 17 00:00:00 2001
From: Arash Rezai <157028889+arrerezai@users.noreply.github.com>
Date: Thu, 6 Nov 2025 14:46:14 +0100
Subject: [PATCH 2/2] Update Enforce-Guardrails-KeyVault.json

Bumping up the minor version following the change
---
 .../policySetDefinitions/Enforce-Guardrails-KeyVault.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
index 28adf9f950..faa01219a5 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
@@ -8,7 +8,7 @@
 "displayName": "Enforce recommended guardrails for Azure Key Vault",
 "description": "Enforce recommended guardrails for Azure Key Vault.",
 "metadata": {
- "version": "2.2.0",
+ "version": "2.3.0",
 "category": "Key Vault",
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [