AzPolicyAdvertizer

last sync: 2023-Jun-09 17:46:13 UTC

Azure Policy definition

[Preview]: Configure supported Windows machines to automatically install the Azure Security agent

Name

[Preview]: Configure supported Windows machines to automatically install the Azure Security agent
Azure Portal

1537496a-b1e8-482b-a06a-1cc2415cdc7b

Version

5.1.0-preview
details on versioning

Category

Security Center
Microsoft docs

Description

Configure supported Windows machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target virtual machines must be in a supported location.

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

FALSE

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC
Role(s)

Role Name	Role Id
Virtual Machine Contributor	9980e02c-c2be-4d73-94e8-173b1dc7cf3c

Rule
Aliases

IF (3)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSku	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false

THEN-ExistenceCondition (4)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/virtualMachines/extensions/enableAutomaticUpgrade	Microsoft.Compute	virtualMachines/extensions	properties.enableAutomaticUpgrade	true
Microsoft.Compute/virtualMachines/extensions/provisioningState	Microsoft.Compute	virtualMachines/extensions	properties.provisioningState	false
Microsoft.Compute/virtualMachines/extensions/Publisher	Microsoft.Compute	virtualMachines/extensions	properties.publisher	false
Microsoft.Compute/virtualMachines/extensions/type	Microsoft.Compute	virtualMachines/extensions	properties.type	false

Rule
ResourceTypes

IF (1)
Microsoft.Compute/virtualMachines
THEN-Deployment (1)
Microsoft.Compute/virtualMachines/extensions

Compliance

Not a Compliance control

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2023-06-06 18:29:21	change	Minor, suffix remains equal (5.0.0-preview > 5.1.0-preview)
2022-09-30 16:34:23	change	Major, suffix remains equal (4.0.0-preview > 5.0.0-preview)
2021-09-13 16:35:32	change	Major, suffix remains equal (3.0.0-preview > 4.0.0-preview)
2021-06-22 14:29:30	change	Major, suffix remains equal (2.0.0-preview > 3.0.0-preview)
2021-06-02 22:44:52	change	Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-01-22 09:14:53	add	1537496a-b1e8-482b-a06a-1cc2415cdc7b

Initiatives
usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines	a15f3269-2e10-458c-87a4-d5989e678a73	Monitoring	Preview	BuiltIn
[Preview]: Configure machines to create the default Microsoft Defender for Cloud pipeline using Azure Monitor Agent	362ab02d-c362-417e-a525-45805d58e21d	Security Center	Preview	BuiltIn
[Preview]: Configure machines to create the user-defined Microsoft Defender for Cloud pipeline using Azure Monitor Agent	500ab3a2-f1bd-4a5a-8e47-3e09d9a294c3	Security Center	Preview	BuiltIn

JSON