AzPolicyAdvertizer

last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed

Name [Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed
Azure Portal

Id 12f7e5d0-42a7-4630-80d8-54fb7cff9bd6

Version 1.2.0-deprecated
details on versioning

Category Guest Configuration
Microsoft docs

Description This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated True

Effect Fixed: deployIfNotExists

Used RBAC Role

Role Name	Role Id
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2020-09-09 11:24:03	change	Previous DisplayName: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State
[Deprecated]: Audit Windows VMs that do not have the specified applications installed	25ef9b72-4af2-4501-acd1-fc814e73dde1	Guest Configuration	Deprecated

JSON

{
  "displayName": "[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
  "metadata": {
    "version": "1.2.0-deprecated",
    "category": "Guest Configuration",
    "requiredProviders": [
      "Microsoft.GuestConfiguration"
    ],
    "deprecated": true
  },
  "parameters": {
    "installedApplication": {
      "type": "String",
      "metadata": {
        "displayName": "Application names (supports wildcards)",
        "description": "A semicolon-separated list of the names of the applications that should be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')"
      }
    }
  },
  "policyRule": {
    "if": {
      "anyOf": [
        {
          "allOf": [
            {
              "field": "type",
              "equals": "Microsoft.Compute/virtualMachines"
            },
            {
              "anyOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "in": [
                    "esri",
                    "incredibuild",
                    "MicrosoftDynamicsAX",
                    "MicrosoftSharepoint",
                    "MicrosoftVisualStudio",
                    "MicrosoftWindowsDesktop",
                    "MicrosoftWindowsServerHPCPack"
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "MicrosoftWindowsServer"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "notLike": "2008*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "MicrosoftSQLServer"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "notLike": "SQL2008*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "microsoft-dsvm"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "equals": "dsvm-windows"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "microsoft-ads"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "in": [
                        "standard-data-science-vm",
                        "windows-data-science-vm"
                      ]
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "batch"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "equals": "rendering-windows2016"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "center-for-internet-security-inc"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "cis-windows-server-201*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "pivotal"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "bosh-windows-server*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "cloud-infrastructure-services"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "ad*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "anyOf": [
                        {
                          "field": "Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration",
                          "exists": "true"
                        },
                        {
                          "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                          "like": "Windows*"
                        }
                      ]
                    },
                    {
                      "anyOf": [
                        {
                          "field": "Microsoft.Compute/imageSKU",
                          "exists": "false"
                        },
                        {
                          "allOf": [
                            {
                              "field": "Microsoft.Compute/imageSKU",
                              "notLike": "2008*"
                            },
                            {
                              "field": "Microsoft.Compute/imageOffer",
                              "notLike": "SQL2008*"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ]
            }
          ]
        },
        {
          "allOf": [
            {
              "field": "type",
              "equals": "Microsoft.HybridCompute/machines"
            },
            {
              "field": "Microsoft.HybridCompute/imageOffer",
              "like": "windows*"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "deployIfNotExists",
      "details": {
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
        ],
        "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
        "name": "WhitelistedApplication",
        "existenceCondition": {
          "field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash",
          "equals": "[base64(concat('[InstalledApplication]bwhitelistedapp;Name', '=', parameters('installedApplication')))]"
        },
        "deployment": {
          "properties": {
            "mode": "incremental",
            "parameters": {
              "vmName": {
                "value": "[field('name')]"
              },
              "location": {
                "value": "[field('location')]"
              },
              "type": {
                "value": "[field('type')]"
              },
              "configurationName": {
                "value": "WhitelistedApplication"
              },
              "installedApplication": {
                "value": "[parameters('installedApplication')]"
              }
            },
            "template": {
              "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "vmName": {
                  "type": "string"
                },
                "location": {
                  "type": "string"
                },
                "type": {
                  "type": "string"
                },
                "configurationName": {
                  "type": "string"
                },
                "installedApplication": {
                  "type": "string"
                }
              },
              "resources": [
                {
                  "condition": "[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]",
                  "apiVersion": "2018-11-20",
                  "type": "Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments",
                  "name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]",
                  "location": "[parameters('location')]",
                  "properties": {
                    "guestConfiguration": {
                      "name": "[parameters('configurationName')]",
                      "version": "1.*",
                      "configurationParameter": [
                        {
                          "name": "[InstalledApplication]bwhitelistedapp;Name",
                          "value": "[parameters('installedApplication')]"
                        }
                      ]
                    }
                  }
                },
                {
                  "condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
                  "apiVersion": "2018-11-20",
                  "type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments",
                  "name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]",
                  "location": "[parameters('location')]",
                  "properties": {
                    "guestConfiguration": {
                      "name": "[parameters('configurationName')]",
                      "version": "1.*",
                      "configurationParameter": [
                        {
                          "name": "[InstalledApplication]bwhitelistedapp;Name",
                          "value": "[parameters('installedApplication')]"
                        }
                      ]
                    }
                  }
                },
                {
                  "condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
                  "apiVersion": "2019-07-01",
                  "type": "Microsoft.Compute/virtualMachines",
                  "identity": {
                    "type": "SystemAssigned"
                  },
                  "name": "[parameters('vmName')]",
                  "location": "[parameters('location')]"
                },
                {
                  "condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
                  "apiVersion": "2019-07-01",
                  "name": "[concat(parameters('vmName'), '/AzurePolicyforWindows')]",
                  "type": "Microsoft.Compute/virtualMachines/extensions",
                  "location": "[parameters('location')]",
                  "properties": {
                    "publisher": "Microsoft.GuestConfiguration",
                    "type": "ConfigurationforWindows",
                    "typeHandlerVersion": "1.1",
                    "autoUpgradeMinorVersion": true,
                    "settings": {},
                    "protectedSettings": {}
                  },
                  "dependsOn": [
                    "[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]"
                  ]
                }
              ]
            }
          }
        }
      }
    }
  }
}