Azure – New Azure Key Vault policies to help you manage your certificates

As you know, Azure Key Vault lets you store various credentials, including the certificates used by your applications or your Azure infrastructure services.

As certificate use grows, you may end up with more and more certificates stored in your Key Vault, which makes them harder to manage.

Good news: new policies have been added to help you manage the certificates stored in Azure Key Vault. With these new policies, you can manage your certificates using the following tagging options:

  • Issuer Policy: Flag certificates that are (or are not) issued by a particular issuer
  • Key Type Policy: Flag certificates that are (or are not) protected by RSA or ECC key pairs
  • Key Size Policy: Flag certificates that are (or are not) protected by a key of a certain size
  • Expiry Policy: Flag certificates that are (or are not) renewed within “X” number of days of their expiry date
  • Validity Lifespan Policy: Flag certificates that have (or do not have) a validity lifespan that is less than, more than, or equal to “X” number of years

To start using these new policies, log on to your Azure portal and go to the Policy configuration blade.


Then access the Definition blade, available below the Authoring section.


Filter the available policies by searching for Policy as the definition type and Key Vault as the category.


Then assign the policy/policies you want to implement for your certificates in your Key Vault.
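To see what each of the five checks would flag before assigning anything, the added example below (not code from this post or from Azure) applies the same rules offline to a constructed certificate inventory. The baseline values, certificate names and the `audit` and `non_compliant` helpers are assumptions for illustration; it does not call Azure.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Cert:
    name: str
    issuer: str
    key_type: str          # "RSA" or "ECC", the labels the post uses
    key_bits: int
    not_before: datetime
    not_after: datetime

# Hypothetical baseline: every value here is an assumption to adapt.
BASELINE = {
    "allowed_issuers": {"Contoso Issuing CA"},
    "min_key_bits": {"RSA": 2048, "ECC": 256},   # allowed types, per-type floor
    "renew_within_days": 30,
    "max_validity_years": 1,
}

def audit(cert, now, baseline=BASELINE):
    """Return the names of the checks this certificate fails."""
    flags = []
    if cert.issuer not in baseline["allowed_issuers"]:
        flags.append("issuer")
    floor = baseline["min_key_bits"].get(cert.key_type)
    if floor is None:
        flags.append("key_type")
    elif cert.key_bits < floor:      # size is only judged for an allowed type
        flags.append("key_size")
    # An already-expired certificate has negative time left and is flagged too.
    if cert.not_after - now <= timedelta(days=baseline["renew_within_days"]):
        flags.append("expiry")
    # 366 days per year so a one-year certificate spanning a leap day passes.
    max_life = timedelta(days=366 * baseline["max_validity_years"])
    if cert.not_after - cert.not_before > max_life:
        flags.append("validity_lifespan")
    return flags

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

NOW = utc(2024, 1, 15)   # fixed "today" so the result is reproducible
INVENTORY = [            # constructed sample data, not real certificates
    Cert("web-frontend", "Contoso Issuing CA", "RSA", 2048, utc(2023, 6, 1), utc(2024, 6, 1)),
    Cert("legacy-api", "Self", "RSA", 1024, utc(2019, 1, 1), utc(2029, 1, 1)),
    Cert("batch-signing", "Contoso Issuing CA", "ECC", 256, utc(2023, 2, 1), utc(2024, 2, 1)),
]

def non_compliant(inventory=INVENTORY, now=NOW):
    """Map each failing certificate name to the checks it fails."""
    report = {c.name: audit(c, now) for c in inventory}
    return {name: flags for name, flags in report.items() if flags}
```

Note that the key size floor is set per key type: a 256-bit ECC key passes here, while an RSA key of the same size would not.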

Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years. Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.