last sync: 2021-Oct-22 15:42:38 UTC

Azure Policy definition

[Preview]: Configure machines to receive a vulnerability assessment provider

Name: [Preview]: Configure machines to receive a vulnerability assessment provider
Id: 13ce0167-8ca6-4048-8e6b-f996402e3c1b
Version: 2.2.0-preview
Category: Security Center
Description: Azure Defender includes vulnerability scanning for your machines at no extra cost. You don't need a Qualys license or even a Qualys account - everything's handled seamlessly inside Security Center. When you enable this policy, Azure Defender automatically deploys the Qualys vulnerability assessment provider to all supported machines that don't already have it installed.
Mode: Indexed
Type: BuiltIn
Preview: True
Deprecated: FALSE
Effect: Default: DeployIfNotExists; Allowed: (DeployIfNotExists, Disabled)

Used RBAC Role
Role Name | Role Id
Security Admin | fb1c8493-542b-48eb-b624-b4c8fea62acd

History
Date/Time (UTC ymd) | Change type | Change detail
2021-09-13 16:35:32 | change | Minor, suffix remains equal (2.1.0-preview > 2.2.0-preview)
2021-05-04 14:34:06 | change | Minor, suffix remains equal (2.0.0-preview > 2.1.0-preview)
2021-03-10 14:52:46 | change | Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-03-09 14:37:41 | add | 13ce0167-8ca6-4048-8e6b-f996402e3c1b

Used in Initiatives: none

JSON
{
  "displayName": "[Preview]: Configure machines to receive a vulnerability assessment provider",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Azure Defender includes vulnerability scanning for your machines at no extra cost. You don't need a Qualys license or even a Qualys account - everything's handled seamlessly inside Security Center. When you enable this policy, Azure Defender automatically deploys the Qualys vulnerability assessment provider to all supported machines that don't already have it installed.",
  "metadata": {
    "category": "Security Center",
    "preview": true,
    "version": "2.2.0-preview"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "DeployIfNotExists",
        "Disabled"
      ],
      "defaultValue": "DeployIfNotExists"
    },
    "vaType": {
      "type": "String",
      "metadata": {
        "displayName": "Vulnerability assessment provider type",
        "description": "Select the vulnerability assessment solution to provision to machines."
      },
      "allowedValues": [
        "default",
        "mdeTvm"
      ],
      "defaultValue": "default"
    }
  },
  "policyRule": {
    "if": {
      "field": "type",
      "in": [
        "Microsoft.Compute/virtualMachines",
        "Microsoft.HybridCompute/machines"
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Security/assessments",
        "name": "ffff0522-1e88-47fc-8382-2a80ba848f5d",
        "evaluationDelay": "AfterProvisioningSuccess",
        "existenceCondition": {
          "field": "Microsoft.Security/assessments/status.code",
          "in": [
            "NotApplicable",
            "Healthy"
          ]
        },
        "deployment": {
          "properties": {
            "mode": "Incremental",
            "template": {
              "contentVersion": "1.0.0.0",
              "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
              "parameters": {
                "vmName": {
                  "type": "String"
                },
                "resourceType": {
                  "type": "string"
                },
                "vaType": {
                  "type": "string"
                }
              },
              "variables": {
                "resourceNameAndVaType": "[concat(parameters('vmName'), '/Microsoft.Security/', parameters('vaType'))]"
              },
              "resources": [
                {
                  "condition": "[equals(toLower(parameters('resourceType')), toLower('microsoft.compute/virtualmachines'))]",
                  "type": "Microsoft.Compute/virtualMachines/providers/serverVulnerabilityAssessments",
                  "name": "[variables('resourceNameAndVaType')]",
                  "apiVersion": "2020-01-01"
                },
                {
                  "condition": "[equals(toLower(parameters('resourceType')), toLower('microsoft.hybridcompute/machines'))]",
                  "type": "Microsoft.HybridCompute/machines/providers/serverVulnerabilityAssessments",
                  "name": "[variables('resourceNameAndVaType')]",
                  "apiVersion": "2020-01-01"
                }
              ]
            },
            "parameters": {
              "vmName": {
                "value": "[field('name')]"
              },
              "resourceType": {
                "value": "[field('type')]"
              },
              "vaType": {
                "value": "[parameters('vaType')]"
              }
            }
          }
        },
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"
        ]
      }
    }
  }
}