last sync: 2021-Jan-19 16:06:44 UTC

Azure Policy definition

Enable Automanage - Azure virtual machine best practices

Name Enable Automanage - Azure virtual machine best practices
Azure Portal
Id 270610db-8c04-438a-a739-e8e6745b22d3
Version 1.0.0
details on versioning
Category Automanage
Microsoft docs
Description Automanage enrolls, configures, and monitors virtual machines with Azure VM best practice services. Use this policy to apply Automanage to your selected scope.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: deployIfNotExists
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-09-15 14:06:41 add 270610db-8c04-438a-a739-e8e6745b22d3
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Enable Automanage - Azure virtual machine best practices",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Automanage enrolls, configures, and monitors virtual machines with Azure VM best practice services. Use this policy to apply Automanage to your selected scope.",
    "metadata": {
      "version": "1.0.0",
      "category": "Automanage"
    },
    "parameters": {
      "automanageAccount": {
        "type": "String",
        "metadata": {
          "displayName": "Automanage account",
          "description": "Select Automanage account from dropdown list. If this account is outside of the scope of the assignment you must manually grant 'Contributor' permissions (or similar) on the account to the policy assignment's principal ID.",
          "strongType": "Microsoft.Automanage/accounts",
          "assignPermissions": true
        }
      },
      "configurationProfileAssignment": {
        "type": "String",
        "metadata": {
          "displayName": "Configuration profile",
          "description": "The management services provided are based on whether the machine is intended to be used in a dev/test environment or production."
        },
        "allowedValues": [
          "Azure virtual machine best practices  Production",
          "Azure virtual machine best practices  Dev/test"
        ],
        "defaultValue": "Azure virtual machine best practices  Production"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "location",
            "in": [
              "eastus",
              "westus2",
              "westcentralus",
              "westeurope",
              "canadacentral"
            ]
          },
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "in": [
                  "esri",
                  "incredibuild",
                  "MicrosoftDynamicsAX",
                  "MicrosoftSharepoint",
                  "MicrosoftVisualStudio",
                  "MicrosoftWindowsDesktop",
                  "MicrosoftWindowsServerHPCPack"
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftWindowsServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "notLike": "2008*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftSQLServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "notLike": "SQL2008*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "microsoft-dsvm"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "dsvm-windows"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "microsoft-ads"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "standard-data-science-vm",
                      "windows-data-science-vm"
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "batch"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "rendering-windows2016"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "center-for-internet-security-inc"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "cis-windows-server-201*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "pivotal"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "bosh-windows-server*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "cloud-infrastructure-services"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "ad*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration",
                        "exists": "true"
                      },
                      {
                        "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                        "like": "Windows*"
                      }
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "exists": "false"
                      },
                      {
                        "allOf": [
                          {
                            "field": "Microsoft.Compute/imageSKU",
                            "notLike": "2008*"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "notLike": "SQL2008*"
                          }
                        ]
                      }
                    ]
                  }
                ]
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "type": "Microsoft.Automanage/configurationProfileAssignments",
          "name": "default",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Automanage/configurationProfileAssignments/configurationProfile",
              "equals": "[parameters('configurationProfileAssignment')]"
              },
              {
                "field": "Microsoft.Automanage/configurationProfileAssignments/accountId",
              "equals": "[parameters('automanageAccount')]"
              }
            ]
          },
          "deployment": {
            "properties": {
              "mode": "incremental",
              "parameters": {
                "machineName": {
                "value": "[field('Name')]"
                },
                "automanageAccount": {
                "value": "[parameters('automanageAccount')]"
                },
                "configurationProfileAssignment": {
                "value": "[parameters('configurationProfileAssignment')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "machineName": {
                    "type": "String"
                  },
                  "automanageAccount": {
                    "type": "string"
                  },
                  "configurationProfileAssignment": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                    "type": "Microsoft.Compute/virtualMachines/providers/configurationProfileAssignments",
                    "apiVersion": "2020-06-30-preview",
                  "name": "[concat(parameters('machineName'), '/Microsoft.Automanage/', 'default')]",
                    "properties": {
                    "configurationProfile": "[parameters('configurationProfileAssignment')]",
                    "accountId": "[parameters('automanageAccount')]"
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/270610db-8c04-438a-a739-e8e6745b22d3",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "270610db-8c04-438a-a739-e8e6745b22d3"
}