AuditEvent logging should be enabled
Ensure that AuditEvent logging is enabled for Azure Key Vault instances in order to record any interactions with your vaults for enhancing data protection and compliance within your Azure cloud account.
Ensure that AuditEvent logging is enabled for Azure Key Vault instances in order to record any interactions with your vaults for enhancing data protection and compliance within your Azure cloud account.
Ensure that production Azure Key Vaults are recoverable in order to prevent permanent deletion/purging of encryption keys, secrets and certificates stored within these vaults. To make your Azure Key Vault instances recoverable, you need to enable both "Soft Delete" and "Do Not Purge" features.
Ensure that, Allow trusted Microsoft services to bypass this firewall, exception is enabled within your Azure Key Vault network settings in order to grant vault access to trusted Azure cloud services.
Ensure that your Microsoft Azure Key Vaults are configured to deny access to traffic from all networks (including the public Internet). This adds an important layer of security.
In Microsoft Azure Key Vault, check for any Users, Groups or Applications with full administrator privileges configured to access and manage Azure Key Vaults, in order to adhere to security best practices and implement the principle of least privileges.
In Microsoft Azure Key Vault, check for any keys that does not have any expiration time set.
In Microsoft Azure Key Vault, check for any keys that are about to expire and rotate them by creating a new version of these keys.
In Microsoft Azure Key Vault, check for any secrets that does not have any expiration time set.
In Microsoft Azure Key Vault, check for any secrets that are about to expire and rotate them by creating a new version of these secrets.
Microsoft Azure Key Vault service can renew your SSL certificates automatically in order to prevent any application or service outage, credential leak, or process violation that can disrupts your business.
In Microsoft Azure Key Vault, ensure that certificates have a sufficient auto-renewal period configured for security and compliance purposes. This period indicates the amount of time (number of days) before SSL certificate expiration, when the renewal process is automatically triggered.
In Microsoft Azure Key Vault, check for any certificates that are generated with minimum key size allowed within your organization, for security and compliance purposes.
Ensure that Certificate Transparency feature is enabled for all Azure Key Vault SSL/TLS certificates in order to adhere to best practices. Certificate Transparency (CT) is a new Internet standard that addresses the concerns about mis-issued certificates by making the Transport Layer Security (TLS) ecosystem publicly auditable.