AzPolicyAdvertizer

last sync: 2023-Jun-09 17:46:13 UTC

Azure Policy definition

[Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs

Name

[Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs
Azure Portal

17b3de92-f710-4cf4-aa55-0e7859f1ed7b

Version

6.0.0-preview
details on versioning

Category

Monitoring
Microsoft docs

Description

Configure system-assigned managed identity to virtual machines hosted in Azure that are supported by Azure Monitor and do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Azure Monitor assignments and must be added to machines before using any Azure Monitor extension. Target virtual machines must be in a supported location.

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

FALSE

Effect

Default
Modify
Allowed
Modify, Disabled

RBAC
Role(s)

Role Name	Role Id
Virtual Machine Contributor	9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Managed Identity Contributor	e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
Managed Identity Operator	f1a07417-d97a-45cb-824c-7a7467783830

Rule
Aliases

IF (5)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageId	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.id properties.virtualMachineProfile.storageProfile.imageReference.id properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSku	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings	Microsoft.Compute	virtualMachines	properties.securityProfile.uefiSettings	false

Rule
ResourceTypes

IF (2)
Microsoft.Compute/virtualMachines
Microsoft.Compute/virtualMachineScaleSets

Compliance

Not a Compliance control

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-13 16:35:29	change	Major, suffix remains equal (5.0.0-preview > 6.0.0-preview)
2022-04-01 20:29:14	change	Major, suffix remains equal (4.0.0-preview > 5.0.0-preview)
2021-10-19 19:10:32	change	Major, suffix remains equal (3.0.0-preview > 4.0.0-preview)
2021-06-02 22:44:52	change	Major, suffix remains equal (2.0.0-preview > 3.0.0-preview)
2021-05-04 14:34:06	change	Major, suffix remains equal (1.2.0-preview > 2.0.0-preview)
2021-03-02 15:11:40	change	Minor, suffix remains equal (1.1.0-preview > 1.2.0-preview)
2021-02-23 16:24:42	change	Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview)
2021-01-22 09:14:53	add	17b3de92-f710-4cf4-aa55-0e7859f1ed7b

Initiatives
usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines	a15f3269-2e10-458c-87a4-d5989e678a73	Monitoring	Preview	BuiltIn
[Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs	281d9e47-d14d-4f05-b8eb-18f2c4a034ff	Trusted Launch	Preview	BuiltIn

JSON