AzPolicyAdvertizer

last sync: 2021-Nov-26 17:15:01 UTC

Azure Policy definition

[Preview]: Configure supported Windows machines to automatically install the Azure Security agent

Name [Preview]: Configure supported Windows machines to automatically install the Azure Security agent
Azure Portal

Id 1537496a-b1e8-482b-a06a-1cc2415cdc7b

Version 4.0.0-preview
details on versioning

Category Security Center
Microsoft docs

Description Configure supported Windows machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target virtual machines must be in a supported location.

Mode Indexed

Type BuiltIn

Preview True

Deprecated FALSE

Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)

Used RBAC Role

Role Name	Role Id
Virtual Machine Contributor	9980e02c-c2be-4d73-94e8-173b1dc7cf3c

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-09-13 16:35:32	change	Major, suffix remains equal (3.0.0-preview > 4.0.0-preview)
2021-06-22 14:29:30	change	Major, suffix remains equal (2.0.0-preview > 3.0.0-preview)
2021-06-02 22:44:52	change	Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-01-22 09:14:53	add	1537496a-b1e8-482b-a06a-1cc2415cdc7b

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State
[Preview]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines	a15f3269-2e10-458c-87a4-d5989e678a73	Monitoring	Preview

JSON Changes

Visual JSON JSON (Annotated)

Show unchanged values

JSON

{
  "displayName": "[Preview]: Configure supported Windows machines to automatically install the Azure Security agent",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Configure supported Windows machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target virtual machines must be in a supported location.",
  "metadata": {
    "category": "Security Center",
    "version": "4.0.0-preview",
    "preview": true
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "DeployIfNotExists",
        "Disabled"
      ],
      "defaultValue": "DeployIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        {
          "anyOf": [
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftWindowsServer"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "WindowsServer"
                },
                {
                  "field": "Microsoft.Compute/imageSKU",
                  "in": [
                    "2008-R2-SP1",
                    "2008-R2-SP1-smalldisk",
                    "2012-Datacenter",
                    "2012-Datacenter-smalldisk",
                    "2012-R2-Datacenter",
                    "2012-R2-Datacenter-smalldisk",
                    "2016-Datacenter",
                    "2016-Datacenter-Server-Core",
                    "2016-Datacenter-Server-Core-smalldisk",
                    "2016-Datacenter-smalldisk",
                    "2016-Datacenter-with-Containers",
                    "2016-Datacenter-with-RDSH",
                    "2019-Datacenter",
                    "2019-Datacenter-Core",
                    "2019-Datacenter-Core-smalldisk",
                    "2019-Datacenter-Core-with-Containers",
                    "2019-Datacenter-Core-with-Containers-smalldisk",
                    "2019-Datacenter-smalldisk",
                    "2019-Datacenter-with-Containers",
                    "2019-Datacenter-with-Containers-smalldisk",
                    "2019-Datacenter-zhcn"
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftWindowsServer"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "WindowsServerSemiAnnual"
                },
                {
                  "field": "Microsoft.Compute/imageSKU",
                  "in": [
                    "Datacenter-Core-1709-smalldisk",
                    "Datacenter-Core-1709-with-Containers-smalldisk",
                    "Datacenter-Core-1803-with-Containers-smalldisk"
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftWindowsServerHPCPack"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "WindowsServerHPCPack"
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftSQLServer"
                },
                {
                  "anyOf": [
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "*-WS2019"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "*-WS2019-BYOL"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "*-WS2016"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "*-WS2016-BYOL"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "*-WS2012R2"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "*-WS2012R2-BYOL"
                    }
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftRServer"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "MLServer-WS2016"
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftVisualStudio"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "in": [
                    "VisualStudio",
                    "Windows"
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftDynamicsAX"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "Dynamics"
                },
                {
                  "field": "Microsoft.Compute/imageSKU",
                  "equals": "Pre-Req-AX7-Onebox-U8"
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "microsoft-ads"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "windows-data-science-vm"
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "equals": "MicrosoftWindowsDesktop"
                },
                {
                  "field": "Microsoft.Compute/imageOffer",
                  "equals": "Windows-10"
                }
              ]
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Compute/virtualMachines/extensions",
        "existenceCondition": {
          "allOf": [
            {
              "field": "Microsoft.Compute/virtualMachines/extensions/type",
              "equals": "AzureSecurityWindowsAgent"
            },
            {
              "field": "Microsoft.Compute/virtualMachines/extensions/Publisher",
              "equals": "Microsoft.Azure.Security.Monitoring"
            },
            {
              "field": "Microsoft.Compute/virtualMachines/extensions/provisioningState",
              "in": [
                "Succeeded",
                "Provisioning succeeded"
              ]
            }
          ]
        },
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"
        ],
        "deployment": {
          "properties": {
            "mode": "incremental",
            "parameters": {
              "location": {
                "value": "[field('location')]"
              },
              "vmName": {
                "value": "[field('name')]"
              }
            },
            "template": {
              "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "location": {
                  "type": "string"
                },
                "vmName": {
                  "type": "string"
                }
              },
              "variables": {},
              "resources": [
                {
                  "type": "Microsoft.Compute/virtualMachines/extensions",
                  "name": "[concat(parameters('vmName'), '/', 'AzureSecurityWindowsAgent')]",
                  "apiVersion": "2019-03-01",
                  "location": "[parameters('location')]",
                  "properties": {
                    "publisher": "Microsoft.Azure.Security.Monitoring",
                    "type": "AzureSecurityWindowsAgent",
                    "typeHandlerVersion": "1.0",
                    "autoUpgradeMinorVersion": "true",
                    "settings": {},
                    "protectedsettings": {}
                  }
                }
              ]
            }
          }
        }
      }
    }
  }
}

AzPolicyAdvertizer

Azure Policy definition

[Preview]: Configure supported Windows machines to automatically install the Azure Security agent

JSON Left

JSON Right