AzPolicyAdvertizer

last sync: 2023-Jun-07 17:44:43 UTC

Azure Policy definition

Audit Windows machines that contain certificates expiring within the specified number of days

Name

Audit Windows machines that contain certificates expiring within the specified number of days
Azure Portal

1417908b-4bff-46ee-a2a6-4acc899320ab

Version

2.0.0
details on versioning

Category

Guest Configuration
Microsoft docs

Description

Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if certificates in the specified store have an expiration date out of range for the number of days given as parameter. The policy also provides the option to only check for specific certificates or exclude specific certificates, and whether to report on expired certificates.

Mode

Indexed

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Fixed
auditIfNotExists

RBAC
Role(s)

none

Rule
Aliases

IF (7)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.windowsConfiguration	true
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	true
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType	Microsoft.ConnectedVMwarevSphere	VirtualMachines	properties.osProfile.osType	false
Microsoft.HybridCompute/imageOffer	Microsoft.HybridCompute	machines	properties.osName	false

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.complianceStatus	false
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.parameterHash	false

Rule
ResourceTypes

IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines

Compliance

The following 3 compliance controls are associated with this Policy definition 'Audit Windows machines that contain certificates expiring within the specified number of days' (1417908b-4bff-46ee-a2a6-4acc899320ab)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
SWIFT_CSCF_v2021	2.3	SWIFT_CSCF_v2021_2.3	SWIFT CSCF v2021 2.3	Reduce Attack Surface and Vulnerabilities	System Hardening		n/a	Reduce the cyber attack surface of SWIFT-related components by performing system hardening.	link	5
SWIFT_CSCF_v2022	2.3	SWIFT_CSCF_v2022_2.3	SWIFT CSCF v2022 2.3	2. Reduce Attack Surface and Vulnerabilities	Reduce the cyber-attack surface of SWIFT-related components by performing system hardening.	Shared	n/a	Security hardening is conducted and maintained on all in-scope components.	link	25
SWIFT_CSCF_v2022	5.1	SWIFT_CSCF_v2022_5.1	SWIFT CSCF v2022 5.1	5. Manage Identities and Segregate Privileges	Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts.	Shared	n/a	Accounts are defined according to the security principles of need-to-know access, least privilege, and separation of duties.	link	35

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-01-28 17:51:01	change	Major (1.0.0 > 2.0.0)
2020-09-09 11:24:03	add	1417908b-4bff-46ee-a2a6-4acc899320ab

Initiatives
usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: Motion Picture Association of America (MPAA)	92646f03-e39d-47a9-9e24-58d60ef49af8	Regulatory Compliance	Preview	BuiltIn
[Preview]: SWIFT CSP-CSCF v2021	abf84fac-f817-a70c-14b5-47eec767458a	Regulatory Compliance	Preview	BuiltIn
SWIFT CSP-CSCF v2022	7bc7cd6c-4114-ff31-3cac-59be3157596d	Regulatory Compliance	GA	BuiltIn

JSON