AzPolicyAdvertizer

last sync: 2022-Jun-28 16:32:57 UTC

Azure Policy definition

[Preview]: ChangeTracking extension should be installed on your Windows virtual machine

Name

[Preview]: ChangeTracking extension should be installed on your Windows virtual machine
Azure Portal

221aac80-54d8-484b-83d7-24f4feac2ce0

Version

1.0.0-preview
details on versioning

Category

Security Center
Microsoft docs

Description

Install ChangeTracking Extension on Windows virtual machines to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitoring Agent.

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

FALSE

Effect

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Used RBAC Role

none

Rule Aliases

IF (3)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false

THEN-ExistenceCondition (3)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/virtualMachines/extensions/provisioningState	Microsoft.Compute	virtualMachines/extensions	properties.provisioningState	false
Microsoft.Compute/virtualMachines/extensions/Publisher	Microsoft.Compute	virtualMachines/extensions	properties.publisher	false
Microsoft.Compute/virtualMachines/extensions/type	Microsoft.Compute	virtualMachines/extensions	properties.type	false

Rule ResourceTypes

IF (1)
Microsoft.Compute/virtualMachines

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-11-12 16:23:07	add	221aac80-54d8-484b-83d7-24f4feac2ce0

Used in Initiatives

none

JSON