last sync: 2022-Jun-28 16:32:57 UTC

Azure Policy definition

[Preview]: Configure VMSS created with Shared Image Gallery images to install the Guest Attestation extension

Name [Preview]: Configure VMSS created with Shared Image Gallery images to install the Guest Attestation extension
Id 009259b0-12e8-42c9-94e7-7af86aa58d13
Version 2.0.0-preview
Category Security Center
Description Configure VMSS created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation.
Mode Indexed
Type BuiltIn
Preview True
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name Role Id
Reader acdd72a7-3385-48ef-bd42-f606fba81ae7
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Rule Aliases IF (5)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Compute/imageid Microsoft.Compute virtualMachines properties.storageProfile.imageReference.id false
Microsoft.Compute/imageid Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.storageProfile.imageReference.id false
Microsoft.Compute/imageid Microsoft.Compute disks properties.creationData.imageReference.id false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.securityType Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.securityProfile.securityType false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.securityProfile.uefiSettings false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings.secureBootEnabled Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.securityProfile.uefiSettings.secureBootEnabled false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings.vTpmEnabled Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.securityProfile.uefiSettings.vTpmEnabled false
THEN-ExistenceCondition (3)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState Microsoft.Compute virtualMachineScaleSets/extensions properties.provisioningState false
Microsoft.Compute/virtualMachineScaleSets/extensions/publisher Microsoft.Compute virtualMachineScaleSets/extensions properties.publisher false
Microsoft.Compute/virtualMachineScaleSets/extensions/type Microsoft.Compute virtualMachineScaleSets/extensions properties.type false
Rule ResourceTypes IF (1)
Microsoft.Compute/virtualMachineScaleSets
THEN-Deployment (1)
Microsoft.Compute/virtualMachineScaleSets/extensions
History
Date/Time (UTC ymd) Change type Change detail
2021-11-12 16:23:07 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-10-22 15:42:38 add 009259b0-12e8-42c9-94e7-7af86aa58d13
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs 281d9e47-d14d-4f05-b8eb-18f2c4a034ff Trusted Launch Preview BuiltIn