AzPolicyAdvertizer

last sync: 2025-Jun-18 17:23:32 UTC

[Preview]: Configure VMSS created with Shared Image Gallery images to install the Guest Attestation extension

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: Configure VMSS created with Shared Image Gallery images to install the Guest Attestation extension
Id 009259b0-12e8-42c9-94e7-7af86aa58d13
Version 2.1.0-preview
Details on versioning
Versioning Versions supported for Versioning: 1
2.1.0-preview
Built-in Versioning [Preview]
Category Security Center
Microsoft Learn
Description Configure VMSS created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '2.1.0-preview'
Repository: Azure-Policy 009259b0-12e8-42c9-94e7-7af86aa58d13
Mode Indexed
Type BuiltIn
Preview True
Deprecated False
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Reader acdd72a7-3385-48ef-bd42-f606fba81ae7
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Rule aliases IF (5)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/imageid Microsoft.Compute
Microsoft.Compute
Microsoft.Compute		 virtualMachines
virtualMachineScaleSets
disks		 properties.storageProfile.imageReference.id
properties.virtualMachineProfile.storageProfile.imageReference.id
properties.creationData.imageReference.id		 True
True
True

False
False
False
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.securityType Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.securityProfile.securityType True False
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.securityProfile.uefiSettings True False
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings.secureBootEnabled Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.securityProfile.uefiSettings.secureBootEnabled True False
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings.vTpmEnabled Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.securityProfile.uefiSettings.vTpmEnabled True False
THEN-ExistenceCondition (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/virtualMachineScaleSets/extensions/publisher Microsoft.Compute virtualMachineScaleSets/extensions properties.publisher True False
Microsoft.Compute/virtualMachineScaleSets/extensions/type Microsoft.Compute virtualMachineScaleSets/extensions properties.type True False
Rule resource types IF (1)
THEN-Deployment (1)
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs 281d9e47-d14d-4f05-b8eb-18f2c4a034ff Trusted Launch Preview BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-02-27 19:03:54 change Minor, suffix remains equal (2.0.0-preview > 2.1.0-preview)
2021-11-12 16:23:07 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-10-22 15:42:38 add 009259b0-12e8-42c9-94e7-7af86aa58d13
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC