AzPolicyAdvertizer

last sync: 2025-Jul-28 17:33:33 UTC

[Preview]: ChangeTracking extension should be installed on your Windows virtual machine

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: ChangeTracking extension should be installed on your Windows virtual machine
Id 221aac80-54d8-484b-83d7-24f4feac2ce0
Version 2.0.0-preview
Details on versioning
Versioning Versions supported for Versioning: 1
2.0.0-preview
Built-in Versioning [Preview]
Category Security Center
Microsoft Learn
Description Install ChangeTracking Extension on Windows virtual machines to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitoring Agent.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode Indexed
Type BuiltIn
Preview True
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases IF (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/imageOffer Microsoft.Compute
Microsoft.Compute
Microsoft.Compute		 virtualMachines
virtualMachineScaleSets
disks		 properties.storageProfile.imageReference.offer
properties.virtualMachineProfile.storageProfile.imageReference.offer
properties.creationData.imageReference.id		 True
True
True

False
False
False
Microsoft.Compute/imagePublisher Microsoft.Compute
Microsoft.Compute
Microsoft.Compute		 virtualMachines
virtualMachineScaleSets
disks		 properties.storageProfile.imageReference.publisher
properties.virtualMachineProfile.storageProfile.imageReference.publisher
properties.creationData.imageReference.id		 True
True
True

False
False
False
Microsoft.Compute/imageSku Microsoft.Compute
Microsoft.Compute
Microsoft.Compute		 virtualMachines
virtualMachineScaleSets
disks		 properties.storageProfile.imageReference.sku
properties.virtualMachineProfile.storageProfile.imageReference.sku
properties.creationData.imageReference.id		 True
True
True

False
False
False
THEN-ExistenceCondition (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/virtualMachines/extensions/provisioningState Microsoft.Compute virtualMachines/extensions properties.provisioningState True False
Microsoft.Compute/virtualMachines/extensions/Publisher Microsoft.Compute virtualMachines/extensions properties.publisher True False
Microsoft.Compute/virtualMachines/extensions/type Microsoft.Compute virtualMachines/extensions properties.type True False
Rule resource types IF (1)
Compliance
The following 1 compliance controls are associated with this Policy definition '[Preview]: ChangeTracking extension should be installed on your Windows virtual machine' (221aac80-54d8-484b-83d7-24f4feac2ce0)
Rows: 1-1 / 1

Columns:

Close

Columns▼Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 AM. Asset Management Human resources security, access control policies and asset management n/a The cybersecurity risk-management measures should therefore also address the physical and environmental security of network and information systems by including measures to protect such systems from system failures, human error, malicious acts or natural phenomena, in line with European and international standards, such as those included in the ISO/IEC 27000 series. In that regard, essential and important entities should, as part of their cybersecurity risk-management measures, also address human resources security and have in place appropriate access control policies. Those measures should be consistent with Directive (EU) 2022/2557. 28
Initiatives usage
Rows: 1-1 / 1
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: NIS2 32ff9e30-4725-4ca7-ba3a-904a7721ee87 Regulatory Compliance Preview BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-12-21 17:43:51 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-11-12 16:23:07 add 221aac80-54d8-484b-83d7-24f4feac2ce0
JSON compare
compare mode: version left: version right:
1.0.0-preview → 2.0.0-preview RENAMED
@@ -3,9 +3,9 @@
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "Install ChangeTracking Extension on Windows virtual machines to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitoring Agent.",
6
  "metadata": {
7
- "version": "1.0.0-preview",
8
  "category": "Security Center",
9
  "preview": true
10
  },
11
  "parameters": {
@@ -107,31 +107,29 @@
107
  "field": "Microsoft.Compute/imageOffer",
108
  "equals": "WindowsServer"
109
  },
110
  {
 
 
111
- "field": "Microsoft.Compute/imageSKU",
112
- "in": [
113
- "2008-R2-SP1",
114
- "2008-R2-SP1-smalldisk",
115
- "2012-Datacenter",
116
- "2012-Datacenter-smalldisk",
117
- "2012-R2-Datacenter",
118
- "2012-R2-Datacenter-smalldisk",
119
- "2016-Datacenter",
120
- "2016-Datacenter-Server-Core",
121
- "2016-Datacenter-Server-Core-smalldisk",
122
- "2016-Datacenter-smalldisk",
123
- "2016-Datacenter-with-Containers",
124
- "2016-Datacenter-with-RDSH",
125
- "2019-Datacenter",
126
- "2019-Datacenter-Core",
127
- "2019-Datacenter-Core-smalldisk",
128
- "2019-Datacenter-Core-with-Containers",
129
- "2019-Datacenter-Core-with-Containers-smalldisk",
130
- "2019-Datacenter-smalldisk",
131
- "2019-Datacenter-with-Containers",
132
- "2019-Datacenter-with-Containers-smalldisk",
133
- "2019-Datacenter-zhcn"
 
 
 
 
 
 
 
 
 
 
 
 
 
134
  ]
135
  }
136
  ]
137
  },
@@ -176,8 +174,16 @@
176
  {
177
  "anyOf": [
178
  {
179
  "field": "Microsoft.Compute/imageOffer",
 
 
 
 
 
 
 
 
180
  "like": "*-WS2019"
181
  },
182
  {
183
  "field": "Microsoft.Compute/imageOffer",
 
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "Install ChangeTracking Extension on Windows virtual machines to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitoring Agent.",
6
  "metadata": {
7
+ "version": "2.0.0-preview",
8
  "category": "Security Center",
9
  "preview": true
10
  },
11
  "parameters": {
 
107
  "field": "Microsoft.Compute/imageOffer",
108
  "equals": "WindowsServer"
109
  },
110
  {
111
+ "anyOf": [
112
+ {
113
+ "field": "Microsoft.Compute/imageSku",
 
114
+ "like": "2008-R2-SP1*"
 
115
+ },
 
 
 
116
+ {
 
 
 
 
 
 
 
 
 
117
+ "field": "Microsoft.Compute/imageSku",
 
 
 
118
+ "like": "2012-*"
119
+ },
120
+ {
121
+ "field": "Microsoft.Compute/imageSku",
122
+ "like": "2016-*"
123
+ },
124
+ {
125
+ "field": "Microsoft.Compute/imageSku",
126
+ "like": "2019-*"
127
+ },
128
+ {
129
+ "field": "Microsoft.Compute/imageSku",
130
+ "like": "2022-*"
131
+ }
132
  ]
133
  }
134
  ]
135
  },
 
174
  {
175
  "anyOf": [
176
  {
177
  "field": "Microsoft.Compute/imageOffer",
178
+ "like": "*-WS2022"
179
+ },
180
+ {
181
+ "field": "Microsoft.Compute/imageOffer",
182
+ "like": "*-WS2022-BYOL"
183
+ },
184
+ {
185
+ "field": "Microsoft.Compute/imageOffer",
186
  "like": "*-WS2019"
187
  },
188
  {
189
  "field": "Microsoft.Compute/imageOffer",
JSON
api-version=2021-06-01
EPAC 
{7 items
  • displayName: "[Preview]: ChangeTracking extension should be installed on your Windows virtual machine",
  • policyType: "BuiltIn",
  • mode: "Indexed",
  • description: "Install ChangeTracking Extension on Windows virtual machines to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitoring Agent.",
  • metadata: {3 items
    • version: "2.0.0-preview",
    • category: "Security Center",
    • preview: true
    },
  • parameters: {2 items
    • effect: {4 items},
    • listOfApplicableLocations: {4 items
      • type: "Array",
      • metadata: {3 items
        • displayName: "Applicable Locations",
        • description: "The list of locations where the policy should be applied.",
        • strongType: "location"
        },
      • allowedValues: [25 items
        • "australiasoutheast",
        • "australiaeast",
        • "brazilsouth",
        • "canadacentral",
        • "centralindia",
        • "centralus",
        • "eastasia",
        • "eastus2euap",
        • "eastus",
        • "eastus2",
        • "francecentral",
        • "japaneast",
        • "koreacentral",
        • "northcentralus",
        • "northeurope",
        • "norwayeast",
        • "southcentralus",
        • "southeastasia",
        • "switzerlandnorth",
        • "uaenorth",
        • "uksouth",
        • "westcentralus",
        • "westeurope",
        • "westus",
        • "westus2"
        ],
      • defaultValue: [25 items
        • "australiasoutheast",
        • "australiaeast",
        • "brazilsouth",
        • "canadacentral",
        • "centralindia",
        • "centralus",
        • "eastasia",
        • "eastus2euap",
        • "eastus",
        • "eastus2",
        • "francecentral",
        • "japaneast",
        • "koreacentral",
        • "northcentralus",
        • "northeurope",
        • "norwayeast",
        • "southcentralus",
        • "southeastasia",
        • "switzerlandnorth",
        • "uaenorth",
        • "uksouth",
        • "westcentralus",
        • "westeurope",
        • "westus",
        • "westus2"
        ]
      }
    },
  • policyRule: {2 items}
}