last sync: 2023-Dec-06 18:52:29 UTC

Azure Policy definition

Audit Windows machines that contain certificates expiring within the specified number of days

Source Azure Portal
Display name Audit Windows machines that contain certificates expiring within the specified number of days
Id 1417908b-4bff-46ee-a2a6-4acc899320ab
Version 2.0.0
Details on versioning
Category Guest Configuration
Microsoft Learn
Description Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if certificates in the specified store have an expiration date out of range for the number of days given as parameter. The policy also provides the option to only check for specific certificates or exclude specific certificates, and whether to report on expired certificates.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Fixed
auditIfNotExists
RBAC role(s) none
Rule aliases IF (7)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Compute/imageOffer Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.offer
properties.virtualMachineProfile.storageProfile.imageReference.offer
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/imagePublisher Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.publisher
properties.virtualMachineProfile.storageProfile.imageReference.publisher
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/imageSKU Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.sku
properties.virtualMachineProfile.storageProfile.imageReference.sku
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration Microsoft.Compute virtualMachines properties.osProfile.windowsConfiguration true
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType Microsoft.Compute virtualMachines properties.storageProfile.osDisk.osType true
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType Microsoft.ConnectedVMwarevSphere virtualmachines properties.osProfile.osType false
Microsoft.HybridCompute/imageOffer Microsoft.HybridCompute machines properties.osName false
THEN-ExistenceCondition (2)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus Microsoft.GuestConfiguration guestConfigurationAssignments properties.complianceStatus false
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash Microsoft.GuestConfiguration guestConfigurationAssignments properties.parameterHash false
Rule resource types IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines
Compliance
The following 3 compliance controls are associated with this Policy definition 'Audit Windows machines that contain certificates expiring within the specified number of days' (1417908b-4bff-46ee-a2a6-4acc899320ab)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
SWIFT_CSCF_v2021 2.3 SWIFT_CSCF_v2021_2.3 SWIFT CSCF v2021 2.3 Reduce Attack Surface and Vulnerabilities System Hardening n/a Reduce the cyber attack surface of SWIFT-related components by performing system hardening. link 5
SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 2. Reduce Attack Surface and Vulnerabilities Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. Shared n/a Security hardening is conducted and maintained on all in-scope components. link 25
SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 5. Manage Identities and Segregate Privileges Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. Shared n/a Accounts are defined according to the security principles of need-to-know access, least privilege, and separation of duties. link 35
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Motion Picture Association of America (MPAA) 92646f03-e39d-47a9-9e24-58d60ef49af8 Regulatory Compliance Preview BuiltIn
[Preview]: SWIFT CSP-CSCF v2021 abf84fac-f817-a70c-14b5-47eec767458a Regulatory Compliance Preview BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-01-28 17:51:01 change Major (1.0.0 > 2.0.0)
2020-09-09 11:24:03 add 1417908b-4bff-46ee-a2a6-4acc899320ab
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC