Enable Role-Based Access Control for Azure Key Vault
Why This Matters
Without Azure RBAC enabled on Key Vaults, administrators are limited to vault access policies, which often result in overly broad permissions and lack the granular control needed for secure operations. This increases the risk of unauthorized access to sensitive keys, secrets, and certificates. By adopting Azure RBAC, you can enforce just-in-time (JIT) access management and reduce the attack surface through fine-grained role assignments.
What Aether365 Checks
This check verifies that each Azure Key Vault has its permission model set to Azure role-based access control (RBAC). It appears in your Aether365 dashboard under the azure-azure-keyvault checks category.
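A local audit of the same setting, as an added example that is not Aether365's own code: it reads the `properties.enableRbacAuthorization` flag from `az keyvault show` output and, for each vault still on access policies, lists the principals and permissions to map to role assignments, since access policies are no longer evaluated once a vault uses the RBAC permission model. The function name, the sample vaults and the choice to report a missing flag rather than assume a default are assumptions of this example.

```python
import json

# Constructed sample: a trimmed array of `az keyvault show` results.
# Vault names, resource groups and object IDs are made up.
SAMPLE = json.loads("""
[
  {"name": "kv-payments-prod", "resourceGroup": "rg-payments",
   "properties": {"enableRbacAuthorization": true, "accessPolicies": []}},
  {"name": "kv-legacy-batch", "resourceGroup": "rg-batch",
   "properties": {"enableRbacAuthorization": false, "accessPolicies": [
     {"objectId": "00000000-0000-0000-0000-000000000001",
      "permissions": {"secrets": ["get", "list"], "keys": [], "certificates": []}},
     {"objectId": "00000000-0000-0000-0000-000000000002",
      "permissions": {"secrets": ["all"], "keys": ["all"], "certificates": ["all"]}}]}},
  {"name": "kv-unknown", "resourceGroup": "rg-misc", "properties": {}}
]
""")


def audit_vaults(vaults):
    """Return one finding per vault that is not explicitly on the RBAC model."""
    findings = []
    for vault in vaults:
        props = vault.get("properties") or {}
        # Assumption: only an explicit true counts as compliant; a missing or
        # null flag is reported for manual review instead of being guessed.
        if props.get("enableRbacAuthorization") is True:
            continue
        principals = []
        for policy in props.get("accessPolicies") or []:
            granted = {k: v for k, v in (policy.get("permissions") or {}).items() if v}
            principals.append({
                "objectId": policy.get("objectId"),
                "granted": granted,  # only the non-empty permission sets
                "broad": any(p.lower() == "all" for ps in granted.values() for p in ps),
            })
        findings.append({"vault": vault.get("name"),
                         "resourceGroup": vault.get("resourceGroup"),
                         "principals": principals})
    return findings


if __name__ == "__main__":
    for f in audit_vaults(SAMPLE):
        print(f["vault"], f["resourceGroup"], len(f["principals"]), "access-policy principals")
        for p in f["principals"]:
            print("   ", p["objectId"], p["granted"], "BROAD" if p["broad"] else "")
```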
How to Fix
To enable Azure RBAC for an existing Key Vault: