Is there a way to check if the certificate generated/provisioned in Azure Key Vault uses exportable private keys? Great question! The short answer is yes because that is the default setting. You may be wondering, that is great, but how can I double-check? Glad you asked!
When creating a new certificate in Azure Key Vault, we have the Advanced Policy Configuration (Item 1). Click on it.
On the new blade, we have several options for the cert that we are about to generate, and one of them is the Exportable Private Key. (Item 2), as you can see, it is enabled by default.
An important note from the field, there is a sort of glitch on this blade. If you click OK, the status will not change from Not Configured. If you change any configuration on the blade and return to the original value, the status of Item 1 will change to Configured.
Just keep that in mind that by not doing anything, we are already creating a new cert. We will be using the default values listed in the image above.