Extend KeyVault Certificates funcationality to allow for use as an Enterprise CA.
Extend the functionality of Key Vault Certificates to all for using as an Enterprise CA with functionality similar to Active Directory Certificate Services.
New service should integrate with the virtual network.
Should support the use of modern crypto and hashing.
Should support ECDSA Keys
Should support root CA key being in an HSM.
Should auto configure an OcSP end point.
Should warn against use of legacy crypto.
Should allow for cross-subscription connecting (need to connect my dev\test key vault to my enterprise keyvault CA.
Should integrate with KeyVault Policies to allow for RBAC.
Post Setup: Allow export of GPO for trusting the enterprise root.