Source
Azure Portal
Display name
[Preview]: ChangeTracking extension should be installed on your Windows virtual machine
Id
221aac80-54d8-484b-83d7-24f4feac2ce0 Copy Id Copy resourceId
Version
2.0.0-preview Details on versioning
Versioning
Versions supported for Versioning: 1 2.0.0-preview Built-in Versioning [Preview]
Category
Security Center Microsoft Learn
Description
Install ChangeTracking Extension on Windows virtual machines to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitoring Agent.
Cloud environments
AzureCloud = true AzureUSGovernment = unknown AzureChinaCloud = unknown
Available in AzUSGov
Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode
Indexed
Type
BuiltIn
Preview
True
Deprecated
False
Effect
Default AuditIfNotExists
Allowed AuditIfNotExists, Disabled
RBAC role(s)
none
Rule aliases
IF (3)
Alias
Namespace
ResourceType
Path
PathIsDefault
DefaultPath
Modifiable
Microsoft.Compute/imageOffer
Microsoft.Compute Microsoft.Compute Microsoft.Compute
virtualMachines virtualMachineScaleSets disks
properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id
True True True
False False False
Microsoft.Compute/imagePublisher
Microsoft.Compute Microsoft.Compute Microsoft.Compute
virtualMachines virtualMachineScaleSets disks
properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id
True True True
False False False
Microsoft.Compute/imageSku
Microsoft.Compute Microsoft.Compute Microsoft.Compute
virtualMachines virtualMachineScaleSets disks
properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id
True True True
False False False
THEN-ExistenceCondition (3)
Rule resource types
IF (1)
ComplianceHide
The following
1 compliance controls are associated with this Policy definition '[Preview]: ChangeTracking extension should be installed on your Windows virtual machine' (221aac80-54d8-484b-83d7-24f4feac2ce0)
Columns▼ Records: 10 25 100 200 Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
< ,
<= ,
> ,
>= ,
= ,
* ,
! ,
{ ,
} ,
|| ,
&& ,
[empty] ,
[nonempty] ,
rgx: Learn more ? Page 1 of 1
Clear NIS2 Clear AM._Asset_Management_9 Clear
Control Domain
Control
Name
MetadataId
Category
Title
Owner
Requirements
Description
Info
Policy#
NIS2
AM._Asset_Management_9
NIS2_AM._Asset_Management_9
NIS2_AM._Asset_Management_9
AM. Asset Management
Human resources security, access control policies and asset management
n/a
The cybersecurity risk-management measures should therefore also address the physical and environmental security of network and information systems by including measures to protect such systems from system failures, human error, malicious acts or natural phenomena, in line with European and international standards, such as those included in the ISO/IEC 27000 series. In that regard, essential and important entities should, as part of their cybersecurity risk-management measures, also address human resources security and have in place appropriate access control policies. Those measures should be consistent with Directive (EU) 2022/2557.
28
No results
Initiatives usage
Records: 10 25 100 200 Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
< ,
<= ,
> ,
>= ,
= ,
* ,
! ,
{ ,
} ,
|| ,
&& ,
[empty] ,
[nonempty] ,
rgx: Learn more ? Page 1 of 1
Clear Regulatory Compliance Clear Preview Clear BuiltIn
Initiative DisplayName
Initiative Id
Initiative Category
State
Type
polSet in AzUSGov
[Preview]: NIS2
32ff9e30-4725-4ca7-ba3a-904a7721ee87
Regulatory Compliance
Preview BuiltIn
unknown
No results
History
Date/Time (UTC ymd) (i)
Change type
Change detail
2022-12-21 17:43:51
change
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-11-12 16:23:07
add
221aac80-54d8-484b-83d7-24f4feac2ce0
JSON compareHide
compare mode:
side-by-side
line-by-line
version left: 1.0.0-preview
version right: 2.0.0-preview 1.0.0-preview
@@ -3,9 +3,9 @@
3
"policyType": "BuiltIn",
4
"mode": "Indexed",
5
"description": "Install ChangeTracking Extension on Windows virtual machines to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitoring Agent.",
6
"metadata": {
7
-
"version": "1.0.0-preview",
8
"category": "Security Center",
9
"preview": true
10
},
11
"parameters": {
@@ -107,31 +107,29 @@
107
"field": "Microsoft.Compute/imageOffer",
108
"equals": "WindowsServer"
109
},
110
{
111
-
"field": "Microsoft.Compute/imageSKU",
112
-
"in": [
113
-
"2008-R2-SP1",
114
-
"2008-R2-SP1-smalldisk",
115
-
"2012-Datacenter",
116
-
"2012-Datacenter-smalldisk",
117
-
"2012-R2-Datacenter",
118
-
"2012-R2-Datacenter-smalldisk",
119
-
"2016-Datacenter",
120
-
"2016-Datacenter-Server-Core",
121
-
"2016-Datacenter-Server-Core-smalldisk",
122
-
"2016-Datacenter-smalldisk",
123
-
"2016-Datacenter-with-Containers",
124
-
"2016-Datacenter-with-RDSH",
125
-
"2019-Datacenter",
126
-
"2019-Datacenter-Core",
127
-
"2019-Datacenter-Core-smalldisk",
128
-
"2019-Datacenter-Core-with-Containers",
129
-
"2019-Datacenter-Core-with-Containers-smalldisk",
130
-
"2019-Datacenter-smalldisk",
131
-
"2019-Datacenter-with-Containers",
132
-
"2019-Datacenter-with-Containers-smalldisk",
133
-
"2019-Datacenter-zhcn"
134
]
135
}
136
]
137
},
@@ -176,8 +174,16 @@
176
{
177
"anyOf": [
178
{
179
"field": "Microsoft.Compute/imageOffer",
180
"like": "*-WS2019"
181
},
182
{
183
"field": "Microsoft.Compute/imageOffer",
3
"policyType": "BuiltIn",
4
"mode": "Indexed",
5
"description": "Install ChangeTracking Extension on Windows virtual machines to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitoring Agent.",
6
"metadata": {
7
+
"version": "2 .0.0-preview",
8
"category": "Security Center",
9
"preview": true
10
},
11
"parameters": {
107
"field": "Microsoft.Compute/imageOffer",
108
"equals": "WindowsServer"
109
},
110
{
111
+
"anyOf": [
112
+
{
113
+
"field": "Microsoft.Compute/imageSku ",
114
+
"like": " 2008-R2-SP1* "
115
+
} ,
116
+
{
117
+
"field ": "Microsoft.Compute/imageSku" ,
118
+
"like ": "2012-*"
119
+
},
120
+
{
121
+
"field": "Microsoft.Compute/imageSku",
122
+
"like": "2016-*"
123
+
},
124
+
{
125
+
"field": "Microsoft.Compute/imageSku",
126
+
"like": "2019-*"
127
+
},
128
+
{
129
+
"field": "Microsoft.Compute/imageSku",
130
+
"like": "2022-*"
131
+
}
132
]
133
}
134
]
135
},
174
{
175
"anyOf": [
176
{
177
"field": "Microsoft.Compute/imageOffer",
178
+
"like": "*-WS2022"
179
+
},
180
+
{
181
+
"field": "Microsoft.Compute/imageOffer",
182
+
"like": "*-WS2022-BYOL"
183
+
},
184
+
{
185
+
"field": "Microsoft.Compute/imageOffer",
186
"like": "*-WS2019"
187
},
188
{
189
"field": "Microsoft.Compute/imageOffer",
JSON
api-version=2021-06-01
Copy definition Copy definition 4 EPAC EPAC
{ 7 items displayName: "[Preview]: ChangeTracking extension should be installed on your Windows virtual machine" , policyType: "BuiltIn" , mode: "Indexed" , description: "Install ChangeTracking Extension on Windows virtual machines to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitoring Agent." , metadata: { 3 items version: "2.0.0-preview" , category: "Security Center" , preview: true } , parameters: { 2 items effect: { 4 items } , listOfApplicableLocations: { 4 items type: "Array" , metadata: { 3 items displayName: "Applicable Locations" , description: "The list of locations where the policy should be applied." , strongType: "location" } , allowedValues: [ 25 items "australiasoutheast" , "australiaeast" , "brazilsouth" , "canadacentral" , "centralindia" , "centralus" , "eastasia" , "eastus2euap" , "eastus" , "eastus2" , "francecentral" , "japaneast" , "koreacentral" , "northcentralus" , "northeurope" , "norwayeast" , "southcentralus" , "southeastasia" , "switzerlandnorth" , "uaenorth" , "uksouth" , "westcentralus" , "westeurope" , "westus" , "westus2" ] , defaultValue: [ 25 items "australiasoutheast" , "australiaeast" , "brazilsouth" , "canadacentral" , "centralindia" , "centralus" , "eastasia" , "eastus2euap" , "eastus" , "eastus2" , "francecentral" , "japaneast" , "koreacentral" , "northcentralus" , "northeurope" , "norwayeast" , "southcentralus" , "southeastasia" , "switzerlandnorth" , "uaenorth" , "uksouth" , "westcentralus" , "westeurope" , "westus" , "westus2" ] } } , policyRule: { 2 items if: { 1 item allOf: [ 3 items { 2 items field: "type" , equals: "Microsoft.Compute/virtualMachines" } , { 2 items field: "location" , in: "[parameters('listOfApplicableLocations')]" } , { 1 item anyOf: [ 9 items { 1 item allOf: [ 3 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftWindowsServer" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "WindowsServer" } , { 1 item anyOf: [ 5 items { 2 items field: "Microsoft.Compute/imageSku" , like: "2008-R2-SP1*" } , { 2 items field: "Microsoft.Compute/imageSku" , like: "2012-*" } , { 2 items field: "Microsoft.Compute/imageSku" , like: "2016-*" } , { 2 items field: "Microsoft.Compute/imageSku" , like: "2019-*" } , { 2 items field: "Microsoft.Compute/imageSku" , like: "2022-*" } ] } ] } , { 1 item allOf: [ 3 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftWindowsServer" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "WindowsServerSemiAnnual" } , { 2 items field: "Microsoft.Compute/imageSKU" , in: [ 3 items "Datacenter-Core-1709-smalldisk" , "Datacenter-Core-1709-with-Containers-smalldisk" , "Datacenter-Core-1803-with-Containers-smalldisk" ] } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftWindowsServerHPCPack" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "WindowsServerHPCPack" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftSQLServer" } , { 1 item anyOf: [ 8 items { 2 items field: "Microsoft.Compute/imageOffer" , like: "*-WS2022" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "*-WS2022-BYOL" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "*-WS2019" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "*-WS2019-BYOL" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "*-WS2016" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "*-WS2016-BYOL" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "*-WS2012R2" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "*-WS2012R2-BYOL" } ] } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftRServer" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "MLServer-WS2016" } ] } , { 1 item } , { 1 item allOf: [ 3 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftDynamicsAX" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "Dynamics" } , { 2 items field: "Microsoft.Compute/imageSKU" , equals: "Pre-Req-AX7-Onebox-U8" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "microsoft-ads" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "windows-data-science-vm" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftWindowsDesktop" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "Windows-10" } ] } ] } ] } , then: { 2 items effect: "[parameters('effect')]" , details: { 2 items type: "Microsoft.Compute/virtualMachines/extensions" , existenceCondition: { 1 item allOf: [ 3 items { 2 items field: "Microsoft.Compute/virtualMachines/extensions/type" , equals: "ChangeTracking-Windows" } , { 2 items field: "Microsoft.Compute/virtualMachines/extensions/Publisher" , equals: "Microsoft.Azure.ChangeTrackingAndInventory" } , { 2 items field: "Microsoft.Compute/virtualMachines/extensions/provisioningState" , equals: "Succeeded" } ] } } } } }