AzPolicyAdvertizer

last sync: 2021-Oct-25 16:02:14 UTC

Azure Policy definition

[Preview]: Log Analytics Extension should be enabled for listed virtual machine images

Name [Preview]: Log Analytics Extension should be enabled for listed virtual machine images
Azure Portal

Id 32133ab0-ee4b-4b44-98d6-042180979d50

Version 2.0.1-preview
details on versioning

Category Monitoring
Microsoft docs

Description Reports virtual machines as non-compliant if the virtual machine image is not in the list defined and the extension is not installed.

Mode Indexed

Type BuiltIn

Preview True

Deprecated FALSE

Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-09-27 15:52:17	change	Patch, suffix remains equal (2.0.0-preview > 2.0.1-preview)
2021-03-02 15:11:40	change	Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State
[Deprecated]: DoD Impact Level 4	8d792a84-723c-4d92-a3c3-e4ed16a2d133	Regulatory Compliance	Deprecated
[Preview]: CMMC Level 3	b5629c75-5c77-4422-87b9-2509e680f8de	Regulatory Compliance	Preview
[Preview]: NIST SP 800-171 R2	03055927-78bd-4236-86c0-f36125a10dc9	Regulatory Compliance	Preview
Canada Federal PBMM	4c4a5f27-de81-430b-b4e5-9cbd50595a87	Regulatory Compliance	GA
Enable Azure Monitor for VMs	55f3eceb-5573-4f18-9695-226972c6d74a	Monitoring	GA
IRS1075 September 2016	105e0327-6175-4eb2-9af4-1fba43bdb39d	Regulatory Compliance	GA
ISO 27001:2013	89c6cddc-1c73-4ac1-b19c-54d1a15a42f2	Regulatory Compliance	GA

JSON Changes

Visual JSON JSON (Annotated)

Show unchanged values

JSON

{
  "displayName": "[Preview]: Log Analytics Extension should be enabled for listed virtual machine images",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Reports virtual machines as non-compliant if the virtual machine image is not in the list defined and the extension is not installed.",
  "metadata": {
    "version": "2.0.1-preview",
    "category": "Monitoring",
    "preview": true
  },
  "parameters": {
    "listOfImageIdToInclude_windows": {
      "type": "Array",
      "metadata": {
        "displayName": "Optional: List of virtual machine images that have supported Windows OS to add to scope",
        "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
      },
      "defaultValue": []
    },
    "listOfImageIdToInclude_linux": {
      "type": "Array",
      "metadata": {
        "displayName": "Optional: List of virtual machine images that have supported Linux OS to add to scope",
        "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
      },
      "defaultValue": []
    },
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        {
          "not": {
            "anyOf": [
              {
                "anyOf": [
                  {
                    "field": "Microsoft.Compute/imageId",
                    "in": "[parameters('listOfImageIdToInclude_windows')]"
                  },
                  {
                    "field": "Microsoft.Compute/imageId",
                    "in": "[parameters('listOfImageIdToInclude_linux')]"
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "MicrosoftWindowsServer"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "WindowsServer"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "in": [
                          "2008-R2-SP1",
                          "2008-R2-SP1-smalldisk",
                          "2012-Datacenter",
                          "2012-Datacenter-smalldisk",
                          "2012-R2-Datacenter",
                          "2012-R2-Datacenter-smalldisk",
                          "2016-Datacenter",
                          "2016-Datacenter-Server-Core",
                          "2016-Datacenter-Server-Core-smalldisk",
                          "2016-Datacenter-smalldisk",
                          "2016-Datacenter-with-Containers",
                          "2016-Datacenter-with-RDSH",
                          "2019-Datacenter",
                          "2019-Datacenter-Core",
                          "2019-Datacenter-Core-smalldisk",
                          "2019-Datacenter-Core-with-Containers",
                          "2019-Datacenter-Core-with-Containers-smalldisk",
                          "2019-Datacenter-smalldisk",
                          "2019-Datacenter-with-Containers",
                          "2019-Datacenter-with-Containers-smalldisk",
                          "2019-Datacenter-zhcn"
                        ]
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "MicrosoftWindowsServer"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "WindowsServerSemiAnnual"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "in": [
                          "Datacenter-Core-1709-smalldisk",
                          "Datacenter-Core-1709-with-Containers-smalldisk",
                          "Datacenter-Core-1803-with-Containers-smalldisk"
                        ]
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "MicrosoftWindowsServerHPCPack"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "WindowsServerHPCPack"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "MicrosoftSQLServer"
                      },
                      {
                        "anyOf": [
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "like": "*-WS2016"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "like": "*-WS2016-BYOL"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "like": "*-WS2012R2"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "like": "*-WS2012R2-BYOL"
                          }
                        ]
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "MicrosoftRServer"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "MLServer-WS2016"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "MicrosoftVisualStudio"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "in": [
                          "VisualStudio",
                          "Windows"
                        ]
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "MicrosoftDynamicsAX"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "Dynamics"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "equals": "Pre-Req-AX7-Onebox-U8"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "MicrosoftDynamicsAX"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "Dynamics"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "equals": "Pre-Req-AX7-Onebox-V4"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "microsoft-ads"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "windows-data-science-vm"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "MicrosoftWindowsDesktop"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "Windows-10"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "RedHat"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "RHEL",
                      "RHEL-SAP-HANA"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "SUSE"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "SLES",
                      "SLES-HPC",
                      "SLES-HPC-Priority",
                      "SLES-SAP",
                      "SLES-SAP-BYOS",
                      "SLES-Priority",
                      "SLES-BYOS",
                      "SLES-SAPCAL",
                      "SLES-Standard"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "12*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Canonical"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "UbuntuServer"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "14.04*LTS"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "16.04*LTS"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "18.04*LTS"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Oracle"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "Oracle-Linux"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "7.*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "OpenLogic"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "CentOS",
                      "Centos-LVM",
                      "CentOS-SRIOV"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "cloudera"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "cloudera-centos-os"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "like": "7*"
                  }
                ]
              }
            ]
          }
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Compute/virtualMachines/extensions",
        "existenceCondition": {
          "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
          "equals": "Microsoft.EnterpriseCloud.Monitoring"
        }
      }
    }
  }
}

AzPolicyAdvertizer

Azure Policy definition

[Preview]: Log Analytics Extension should be enabled for listed virtual machine images

JSON Left

JSON Right