AzPolicyAdvertizer

last sync: 2022-May-24 16:30:29 UTC

Azure Policy definition

Windows machines should meet requirements for 'System Audit Policies - Policy Change'

Name

Windows machines should meet requirements for 'System Audit Policies - Policy Change'
Azure Portal

2a7a701e-dff3-4da9-9ec5-42cb98594c0b

Version

3.0.0
details on versioning

Category

Guest Configuration
Microsoft docs

Description

Windows machines should have the specified Group Policy settings in the category 'System Audit Policies - Policy Change' for auditing changes to system audit policies. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol.

Mode

Indexed

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Used RBAC Role

none

Rule Aliases

IF (7)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.windowsConfiguration	true
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	true
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType	Microsoft.ConnectedVMwarevSphere	VirtualMachines	properties.osProfile.osType	false
Microsoft.HybridCompute/imageOffer	Microsoft.HybridCompute	machines	properties.osName	false

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.complianceStatus	false
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.parameterHash	false

Rule ResourceTypes

IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-01-28 17:51:01	change	Major (2.0.0 > 3.0.0)
2020-09-15 14:06:41	change	Previous DisplayName: [Preview]: Windows machines should meet requirements for 'System Audit Policies - Policy Change'
2020-08-20 14:05:01	add	2a7a701e-dff3-4da9-9ec5-42cb98594c0b

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: Windows machines should meet requirements for the Azure compute security baseline	be7a78aa-3e10-4153-a5fd-8c6506dbc821	Guest Configuration	Preview	BuiltIn
CMMC Level 3	b5629c75-5c77-4422-87b9-2509e680f8de	Regulatory Compliance	GA	BuiltIn

JSON Changes

Visual JSON JSON (Annotated)

Show unchanged values

JSON

AzPolicyAdvertizer

Azure Policy definition

Windows machines should meet requirements for 'System Audit Policies - Policy Change'

JSON Left

JSON Right