last sync: 2021-Jan-20 16:06:14 UTC

Azure Policy definition

[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed

Name [Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed
Azure Portal
Id 12f7e5d0-42a7-4630-80d8-54fb7cff9bd6
Version 1.2.0-deprecated
details on versioning
Category Guest Configuration
Microsoft docs
Description This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated True
Effect Fixed: deployIfNotExists
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-09-09 11:24:03 change Previous DisplayName: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Deprecated]: Audit Windows VMs that do not have the specified applications installed 25ef9b72-4af2-4501-acd1-fc814e73dde1 Guest Configuration Deprecated
Json
{
  "properties": {
  "displayName": "[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
    "metadata": {
      "version": "1.2.0-deprecated",
      "category": "Guest Configuration",
      "requiredProviders": [
        "Microsoft.GuestConfiguration"
      ],
      "deprecated": true
    },
    "parameters": {
      "installedApplication": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Application names (supports wildcards)",
          "description": "A semicolon-separated list of the names of the applications that should be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')"
        }
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Compute/virtualMachines"
              },
              {
                "anyOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "in": [
                      "esri",
                      "incredibuild",
                      "MicrosoftDynamicsAX",
                      "MicrosoftSharepoint",
                      "MicrosoftVisualStudio",
                      "MicrosoftWindowsDesktop",
                      "MicrosoftWindowsServerHPCPack"
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "MicrosoftWindowsServer"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "2008*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "MicrosoftSQLServer"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "notLike": "SQL2008*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "microsoft-dsvm"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "dsvm-windows"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "microsoft-ads"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "in": [
                          "standard-data-science-vm",
                          "windows-data-science-vm"
                        ]
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "batch"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "rendering-windows2016"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "center-for-internet-security-inc"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "cis-windows-server-201*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "pivotal"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "bosh-windows-server*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "cloud-infrastructure-services"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "ad*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "anyOf": [
                          {
                            "field": "Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration",
                            "exists": "true"
                          },
                          {
                            "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                            "like": "Windows*"
                          }
                        ]
                      },
                      {
                        "anyOf": [
                          {
                            "field": "Microsoft.Compute/imageSKU",
                            "exists": "false"
                          },
                          {
                            "allOf": [
                              {
                                "field": "Microsoft.Compute/imageSKU",
                                "notLike": "2008*"
                              },
                              {
                                "field": "Microsoft.Compute/imageOffer",
                                "notLike": "SQL2008*"
                              }
                            ]
                          }
                        ]
                      }
                    ]
                  }
                ]
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.HybridCompute/machines"
              },
              {
                "field": "Microsoft.HybridCompute/imageOffer",
                "like": "windows*"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
          "name": "WhitelistedApplication",
          "existenceCondition": {
            "field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash",
          "equals": "[base64(concat('[InstalledApplication]bwhitelistedapp;Name', '=', parameters('installedApplication')))]"
          },
          "deployment": {
            "properties": {
              "mode": "incremental",
              "parameters": {
                "vmName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                },
                "type": {
                "value": "[field('type')]"
                },
                "configurationName": {
                  "value": "WhitelistedApplication"
                },
                "installedApplication": {
                "value": "[parameters('installedApplication')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "vmName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  },
                  "type": {
                    "type": "string"
                  },
                  "configurationName": {
                    "type": "string"
                  },
                  "installedApplication": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                  "condition": "[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]",
                    "apiVersion": "2018-11-20",
                    "type": "Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments",
                  "name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]",
                  "location": "[parameters('location')]",
                    "properties": {
                      "guestConfiguration": {
                      "name": "[parameters('configurationName')]",
                        "version": "1.*",
                        "configurationParameter": [
                          {
                          "name": "[InstalledApplication]bwhitelistedapp;Name",
                          "value": "[parameters('installedApplication')]"
                          }
                        ]
                      }
                    }
                  },
                  {
                  "condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
                    "apiVersion": "2018-11-20",
                    "type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments",
                  "name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]",
                  "location": "[parameters('location')]",
                    "properties": {
                      "guestConfiguration": {
                      "name": "[parameters('configurationName')]",
                        "version": "1.*",
                        "configurationParameter": [
                          {
                          "name": "[InstalledApplication]bwhitelistedapp;Name",
                          "value": "[parameters('installedApplication')]"
                          }
                        ]
                      }
                    }
                  },
                  {
                  "condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
                    "apiVersion": "2019-07-01",
                    "type": "Microsoft.Compute/virtualMachines",
                    "identity": {
                      "type": "SystemAssigned"
                    },
                  "name": "[parameters('vmName')]",
                  "location": "[parameters('location')]"
                  },
                  {
                  "condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
                    "apiVersion": "2019-07-01",
                  "name": "[concat(parameters('vmName'), '/AzurePolicyforWindows')]",
                    "type": "Microsoft.Compute/virtualMachines/extensions",
                  "location": "[parameters('location')]",
                    "properties": {
                      "publisher": "Microsoft.GuestConfiguration",
                      "type": "ConfigurationforWindows",
                      "typeHandlerVersion": "1.1",
                      "autoUpgradeMinorVersion": true,
                      "settings": {
                        
                      },
                      "protectedSettings": {
                        
                      }
                    },
                    "dependsOn": [
                    "[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]"
                    ]
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"
}