"Microsoft.KeyVault.Data" not supported for custom policies

[lindbeck]

Details of the scenario you tried and the problem that is occurring

When creating a custom policy that includes "Microsoft.KeyVault.Data", an error is returned.

This is a problem for us as Microsoft 365 requires customer keys to never expire, therefor we want to create a custom policy that denies creation of keys with an expiration date to mitigate the risk of human error leading to creation of keys with expiration set.

Verbose logs showing the problem

The provider 'Microsoft.KeyVault.Data' referenced by the 'field' property 'Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn' of the policy rule doesn't exist. (Code:InvalidProviderNameInPolicyAlias)

Suggested solution to the issue

Bring support for "Microsoft.KeyVault.Data" in custom policies.

If policy is Guest Configuration - details about target node

[pklaudat]

Any news on this? Need it asap, not only for key vault, but for any other resource provider not available today, such as microsoft.network.data (used by AVNM).

[GabrielPrzybysz]

I'm experiencing the same issue. Are there any updates on this?

[giladof]

I agree, this needs to be addressed asap

[JaimePalazuelosB]

Furthermore, policy 98728c90-32c7-4049-8429-847dc0f4fe37 shows the Key Vault as compliant as long as any secret has an ExpiresOn date, ignoring the non-compliant secrets.