last sync: 2024-Oct-15 17:53:32 UTC

[Preview]: Linux virtual machines should use only signed and trusted boot components

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: Linux virtual machines should use only signed and trusted boot components
Id 13a6c84f-49a5-410a-b5df-5b880c3fe009
Version 1.0.0-preview
Versioning Versions supported for Versioning: 1 (1.0.0-preview)
Category Security Center
Description All OS boot components (boot loader, kernel, kernel drivers) must be signed by trusted publishers. Defender for Cloud has identified untrusted OS boot components on one or more of your Linux machines. To protect your machines from potentially malicious components, add them to your allow list or remove the identified components.
Mode All
Type BuiltIn
Preview True
Deprecated False
Effect Default: AuditIfNotExists
Effect Allowed: AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType Microsoft.Compute virtualMachines properties.storageProfile.osDisk.osType True True
THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Security/assessments/status.code Microsoft.Security assessments properties.status.code True False
Rule resource types IF (1)
Microsoft.Compute/virtualMachines
Compliance
The following 1 compliance controls are associated with this Policy definition '[Preview]: Linux virtual machines should use only signed and trusted boot components' (13a6c84f-49a5-410a-b5df-5b880c3fe009)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Posture and Vulnerability Management Audit and enforce secure configurations for compute resources Shared
**Security Principle:** Continuously monitor and alert when there is a deviation from the defined configuration baseline in your compute resources. Enforce the desired configuration according to the baseline configuration by denying the non-compliant configuration or deploy a configuration in compute resources.
**Azure Guidance:** Use Microsoft Defender for Cloud and Azure Policy guest configuration agent to regularly assess and remediate configuration deviations on your Azure compute resources, including VMs, containers, and others. In addition, you can use Azure Resource Manager templates, custom operating system images, or Azure Automation State Configuration to maintain the security configuration of the operating system. Microsoft VM templates in conjunction with Azure Automation State Configuration can assist in meeting and maintaining security requirements. Note: Azure Marketplace VM images published by Microsoft are managed and maintained by Microsoft.
**Implementation and additional context:**
How to implement Microsoft Defender for Cloud vulnerability assessment recommendations: https://docs.microsoft.com/azure/security-center/security-center-vulnerability-assessment-recommendations
How to create an Azure virtual machine from an ARM template: https://docs.microsoft.com/azure/virtual-machines/windows/ps-template
Azure Automation State Configuration overview: https://docs.microsoft.com/azure/automation/automation-dsc-overview
Create a Windows virtual machine in the Azure portal: https://docs.microsoft.com/azure/virtual-machines/windows/quick-create-portal
Container security in Microsoft Defender for Cloud: https://docs.microsoft.com/azure/security-center/container-security
n/a link 13
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
Microsoft cloud security benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-06-06 18:29:21 add 13a6c84f-49a5-410a-b5df-5b880c3fe009
JSON
api-version=2021-06-01