|
Policy Rule
|
{
"properties": {
"displayName": "[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
"metadata": {
"version": "1.2.0-deprecated",
"category": "Guest Configuration",
"requiredProviders": [
"Microsoft.GuestConfiguration"
],
"deprecated": true
},
"parameters": {
"installedApplication": {
"type": "String",
"metadata": {
"displayName": "[Deprecated]: Application names (supports wildcards)",
"description": "A semicolon-separated list of the names of the applications that should be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')"
}
}
},
"policyRule": {
"if": {
"anyOf": [
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"in": [
"esri",
"incredibuild",
"MicrosoftDynamicsAX",
"MicrosoftSharepoint",
"MicrosoftVisualStudio",
"MicrosoftWindowsDesktop",
"MicrosoftWindowsServerHPCPack"
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftWindowsServer"
},
{
"field": "Microsoft.Compute/imageSKU",
"notLike": "2008*"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftSQLServer"
},
{
"field": "Microsoft.Compute/imageOffer",
"notLike": "SQL2008*"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "microsoft-dsvm"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "dsvm-windows"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "microsoft-ads"
},
{
"field": "Microsoft.Compute/imageOffer",
"in": [
"standard-data-science-vm",
"windows-data-science-vm"
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "batch"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "rendering-windows2016"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "center-for-internet-security-inc"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "cis-windows-server-201*"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "pivotal"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "bosh-windows-server*"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "cloud-infrastructure-services"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "ad*"
}
]
},
{
"allOf": [
{
"anyOf": [
{
"field": "Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration",
"exists": "true"
},
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
"like": "Windows*"
}
]
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imageSKU",
"exists": "false"
},
{
"allOf": [
{
"field": "Microsoft.Compute/imageSKU",
"notLike": "2008*"
},
{
"field": "Microsoft.Compute/imageOffer",
"notLike": "SQL2008*"
}
]
}
]
}
]
}
]
}
]
},
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.HybridCompute/machines"
},
{
"field": "Microsoft.HybridCompute/imageOffer",
"like": "windows*"
}
]
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
"name": "WhitelistedApplication",
"existenceCondition": {
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash",
"equals": "[base64(concat('[InstalledApplication]bwhitelistedapp;Name', '=', parameters('installedApplication')))]"
},
"deployment": {
"properties": {
"mode": "incremental",
"parameters": {
"vmName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
},
"type": {
"value": "[field('type')]"
},
"configurationName": {
"value": "WhitelistedApplication"
},
"installedApplication": {
"value": "[parameters('installedApplication')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"type": {
"type": "string"
},
"configurationName": {
"type": "string"
},
"installedApplication": {
"type": "string"
}
},
"resources": [
{
"condition": "[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]",
"apiVersion": "2018-11-20",
"type": "Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments",
"name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]",
"location": "[parameters('location')]",
"properties": {
"guestConfiguration": {
"name": "[parameters('configurationName')]",
"version": "1.*",
"configurationParameter": [
{
"name": "[InstalledApplication]bwhitelistedapp;Name",
"value": "[parameters('installedApplication')]"
}
]
}
}
},
{
"condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
"apiVersion": "2018-11-20",
"type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments",
"name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]",
"location": "[parameters('location')]",
"properties": {
"guestConfiguration": {
"name": "[parameters('configurationName')]",
"version": "1.*",
"configurationParameter": [
{
"name": "[InstalledApplication]bwhitelistedapp;Name",
"value": "[parameters('installedApplication')]"
}
]
}
}
},
{
"condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
"apiVersion": "2019-07-01",
"type": "Microsoft.Compute/virtualMachines",
"identity": {
"type": "SystemAssigned"
},
"name": "[parameters('vmName')]",
"location": "[parameters('location')]"
},
{
"condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
"apiVersion": "2019-07-01",
"name": "[concat(parameters('vmName'), '/AzurePolicyforWindows')]",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.GuestConfiguration",
"type": "ConfigurationforWindows",
"typeHandlerVersion": "1.1",
"autoUpgradeMinorVersion": true,
"settings": {
},
"protectedSettings": {
}
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]"
]
}
]
}
}
}
}
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"
}
|