PROBLEM SUMMARY
When using the backend plugin with a Microsoft ADCS Certificate Authority the shortest validity that can be received by the CA is 24 h
STEPS TO REPRODUCE
Install and configure vault-pki-backend plugin, set issuer_hint=m
vault read myMSCA/roles/tpp
Key Value
chain_option last
generate_lease false
issuer_hint m
max_ttl 0s
no_store false
role_zone n/a
service_generated_cert false
store_by n/a
store_pkey false
ttl 0s
venafi_secret tpp
EXPECTED RESULTS
Request a certificate with 24h validity returns the correct duration
This is as expected - TTL=24h
vault write myMSCA/issue/tpp common_name="$CERT" alt_names="$CERT" ttl="24h" -format=json | jq -r '.data.certificate' | openssl x509 -noout -dates -serial
notBefore=Jun 22 21:12:27 2023 GMT
notAfter=Jun 23 21:22:26 2023 GMT
serial=25000014DCA3F9DCF86579676F0001000014DC
This is not - TTL=12h
vault write myMSCA/issue/tpp common_name="$CERT" alt_names="$CERT" ttl="12h" -format=json | jq -r '.data.certificate' | openssl x509 -noout -dates -serial
notBefore=Jun 22 21:17:02 2023 GMT
notAfter=Jun 23 21:27:02 2023 GMT
serial=25000014DDA353939076EF42FA0001000014DD
ACTUAL RESULTS
The validity period is 24h when 12h was requested
ENVIRONMENT DETAILS
Calling the Venafi API directly to obtain a cert with ~ 2h validity works
POST /vedsdk/certificates/request
...
"CASpecificAttributes": [
  {
    "Name": "Microsoft CA:Specific End Date",
    "Value": "22-JUN-23 23:00:00"
  }
]
Returns a cert with the following validity
"ValidFrom": "2023-06-22T21:19:39.0000000Z",
"ValidTo": "2023-06-22T23:00:00.0000000Z"
COMMENTS/WORKAROUNDS
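The comparison made by eye in this report (requested `ttl` against the issued `notBefore`/`notAfter`) can be scripted; the following is an added example, not part of the original issue or the plugin's code. The function names and the 900-second default tolerance are assumptions, and the two sample inputs are the `-dates` outputs quoted in the report.

```shell
#!/bin/sh
# Added example: compare an issued certificate's lifetime with the requested TTL.
# Input on stdin is the text printed by `openssl x509 -noout -dates`.

# Print notAfter - notBefore in seconds; exit 2 if either date is missing.
cert_lifetime_seconds() {
  awk -F= '
    function epoch(s,   p, t, m, y, d, days) {
      # s looks like "Jun 22 21:17:02 2023 GMT"; openssl prints these in GMT
      split(s, p, " "); split(p[3], t, ":")
      m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", p[1]) + 2) / 3
      y = p[4]; d = p[2]
      if (m <= 2) { y--; m += 12 }   # treat Jan/Feb as months 13/14 of the prior year
      # days since 1970-01-01 in the proleptic Gregorian calendar
      days = 365*y + int(y/4) - int(y/100) + int(y/400) + int((153*(m-3) + 2)/5) + d - 719469
      return days*86400 + t[1]*3600 + t[2]*60 + t[3]
    }
    $1 == "notBefore" { nb = epoch($2) }
    $1 == "notAfter"  { na = epoch($2) }
    END { if (nb == "" || na == "") exit 2; print na - nb }'
}

# check_ttl REQUESTED_SECONDS [TOLERANCE_SECONDS]  (dates output on stdin)
# Returns 0 if lifetime <= requested + tolerance, 1 if longer, 2 on parse error.
# The 900 s default tolerance is an assumption, not a value from the plugin.
check_ttl() {
  local requested=$1 tolerance=${2:-900} actual
  actual=$(cert_lifetime_seconds) || return 2
  if [ "$actual" -gt $((requested + tolerance)) ]; then
    echo "FAIL: requested ${requested}s, issued ${actual}s" >&2
    return 1
  fi
  echo "OK: requested ${requested}s, issued ${actual}s"
}

# The two -dates outputs quoted in the report.
DATES_24H='notBefore=Jun 22 21:12:27 2023 GMT
notAfter=Jun 23 21:22:26 2023 GMT'
DATES_12H='notBefore=Jun 22 21:17:02 2023 GMT
notAfter=Jun 23 21:27:02 2023 GMT'

printf '%s\n' "$DATES_24H" | check_ttl $((24 * 3600))
printf '%s\n' "$DATES_12H" | check_ttl $((12 * 3600)) || true
```

In a pipeline, the `printf` stage is replaced by the `vault write ... | jq -r '.data.certificate' | openssl x509 -noout -dates` command from the report.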