last sync: 2021-Apr-09 14:03:05 UTC

Azure Policy definition

Deploy default Microsoft IaaSAntimalware extension for Windows Server

Name Deploy default Microsoft IaaSAntimalware extension for Windows Server
Azure Portal
Id 2835b622-407b-4114-9198-6f7064cbe0dc
Version 1.0.0
details on versioning
Category Compute
Microsoft docs
Description This policy deploys a Microsoft IaaSAntimalware extension with a default configuration when a VM is not configured with the antimalware extension.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: deployIfNotExists
Used RBAC Role
Role Name Role Id
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
History none
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: Motion Picture Association of America (MPAA) 92646f03-e39d-47a9-9e24-58d60ef49af8 Regulatory Compliance Preview
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA
JSON
{
  "properties": {
    "displayName": "Deploy default Microsoft IaaSAntimalware extension for Windows Server",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy deploys a Microsoft IaaSAntimalware extension with a default configuration when a VM is not configured with the antimalware extension.",
    "metadata": {
      "version": "1.0.0",
      "category": "Compute"
    },
    "parameters": {
      
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "field": "Microsoft.Compute/imagePublisher",
            "equals": "MicrosoftWindowsServer"
          },
          {
            "field": "Microsoft.Compute/imageOffer",
            "equals": "WindowsServer"
          },
          {
            "field": "Microsoft.Compute/imageSKU",
            "in": [
              "2008-R2-SP1",
              "2008-R2-SP1-smalldisk",
              "2012-Datacenter",
              "2012-Datacenter-smalldisk",
              "2012-R2-Datacenter",
              "2012-R2-Datacenter-smalldisk",
              "2016-Datacenter",
              "2016-Datacenter-Server-Core",
              "2016-Datacenter-Server-Core-smalldisk",
              "2016-Datacenter-smalldisk",
              "2016-Datacenter-with-Containers",
              "2016-Datacenter-with-RDSH",
              "2019-Datacenter",
              "2019-Datacenter-Core",
              "2019-Datacenter-Core-smalldisk",
              "2019-Datacenter-Core-with-Containers",
              "2019-Datacenter-Core-with-Containers-smalldisk",
              "2019-Datacenter-smalldisk",
              "2019-Datacenter-with-Containers",
              "2019-Datacenter-with-Containers-smalldisk"
            ]
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.Compute/virtualMachines/extensions",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/type",
                "equals": "IaaSAntimalware"
              },
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
                "equals": "Microsoft.Azure.Security"
              }
            ]
          },
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "vmName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  },
                  "ExclusionsPaths": {
                    "type": "string",
                    "defaultValue": "",
                    "metadata": {
                      "description": "Semicolon delimited list of file paths or locations to exclude from scanning"
                    }
                  },
                  "ExclusionsExtensions": {
                    "type": "string",
                    "defaultValue": "",
                    "metadata": {
                      "description": "Semicolon delimited list of file extensions to exclude from scanning"
                    }
                  },
                  "ExclusionsProcesses": {
                    "type": "string",
                    "defaultValue": "",
                    "metadata": {
                      "description": "Semicolon delimited list of process names to exclude from scanning"
                    }
                  },
                  "RealtimeProtectionEnabled": {
                    "type": "string",
                    "defaultValue": "true",
                    "metadata": {
                      "description": "Indicates whether or not real time protection is enabled (default is true)"
                    }
                  },
                  "ScheduledScanSettingsIsEnabled": {
                    "type": "string",
                    "defaultValue": "false",
                    "metadata": {
                      "description": "Indicates whether or not custom scheduled scan settings are enabled (default is false)"
                    }
                  },
                  "ScheduledScanSettingsScanType": {
                    "type": "string",
                    "defaultValue": "Quick",
                    "metadata": {
                      "description": "Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)"
                    }
                  },
                  "ScheduledScanSettingsDay": {
                    "type": "string",
                    "defaultValue": "7",
                    "metadata": {
                      "description": "Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"
                    }
                  },
                  "ScheduledScanSettingsTime": {
                    "type": "string",
                    "defaultValue": "120",
                    "metadata": {
                      "description": "When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."
                    }
                  }
                },
                "resources": [
                  {
                  "name": "[concat(parameters('vmName'),'/IaaSAntimalware')]",
                    "type": "Microsoft.Compute/virtualMachines/extensions",
                  "location": "[parameters('location')]",
                    "apiVersion": "2017-12-01",
                    "properties": {
                      "publisher": "Microsoft.Azure.Security",
                      "type": "IaaSAntimalware",
                      "typeHandlerVersion": "1.3",
                      "autoUpgradeMinorVersion": true,
                      "settings": {
                        "AntimalwareEnabled": true,
                      "RealtimeProtectionEnabled": "[parameters('RealtimeProtectionEnabled')]",
                        "ScheduledScanSettings": {
                        "isEnabled": "[parameters('ScheduledScanSettingsIsEnabled')]",
                        "day": "[parameters('ScheduledScanSettingsDay')]",
                        "time": "[parameters('ScheduledScanSettingsTime')]",
                        "scanType": "[parameters('ScheduledScanSettingsScanType')]"
                        },
                        "Exclusions": {
                        "Extensions": "[parameters('ExclusionsExtensions')]",
                        "Paths": "[parameters('ExclusionsPaths')]",
                        "Processes": "[parameters('ExclusionsProcesses')]"
                        }
                      }
                    }
                  }
                ]
              },
              "parameters": {
                "vmName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                },
                "RealtimeProtectionEnabled": {
                  "value": "true"
                },
                "ScheduledScanSettingsIsEnabled": {
                  "value": "true"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "2835b622-407b-4114-9198-6f7064cbe0dc"
}