last sync: 2020-Sep-25 13:37:27 UTC

Azure Policy

Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs

Policy DisplayName Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs
Policy Id 331e8ea8-378a-410f-a2e5-ae22f38bb0da
Policy Category Guest Configuration
Policy Description This policy deploys the Linux Guest Configuration extension to Linux virtual machines hosted in Azure that are supported by Guest Configuration. The Linux Guest Configuration extension is a prerequisite for all Linux Guest Configuration assignments and must deployed to machines before using any Linux Guest Configuration policy definition. For more information on Guest Configuration, visit https://aka.ms/gcpol.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Fixed: deployIfNotExists
Roles used
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-09-15 14:06:41 change: DisplayName previous DisplayName: [Preview]: Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs
2020-08-05 13:05:29 change: DisplayName previous DisplayName: [Preview]: Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux virtual machines
2020-06-23 16:03:25 add: Policy 331e8ea8-378a-410f-a2e5-ae22f38bb0da
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
IRS1075 September 2016 105e0327-6175-4eb2-9af4-1fba43bdb39d
[Preview]: Deploy prerequisites to enable Guest Configuration policies on virtual machines 12794019-7a00-42cf-95c2-882eed337cc8
[Preview]: Australian Government ISM PROTECTED 27272c0b-c225-4cc3-b8b0-f2534b093077
UK OFFICIAL and UK NHS 3937f550-eedd-4639-9c5e-294358be442e
[Preview]: SWIFT CSP-CSCF v2020 3e0c67fc-8c7c-406c-89bd-6b6bdc986a22
Canada Federal PBMM 4c4a5f27-de81-430b-b4e5-9cbd50595a87
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2
[Deprecated]: DOD Impact Level 4 8d792a84-723c-4d92-a3c3-e4ed16a2d133
[Preview]: Motion Picture Association of America (MPAA) 92646f03-e39d-47a9-9e24-58d60ef49af8
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab
NIST SP 800-53 R4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693
Policy Rule
{
  "properties": {
    "displayName": "Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy deploys the Linux Guest Configuration extension to Linux virtual machines hosted in Azure that are supported by Guest Configuration. The Linux Guest Configuration extension is a prerequisite for all Linux Guest Configuration assignments and must deployed to machines before using any Linux Guest Configuration policy definition. For more information on Guest Configuration, visit https://aka.ms/gcpol.",
    "metadata": {
      "category": "Guest Configuration",
      "version": "1.0.0"
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "in": [
                  "microsoft-aks",
                  "qubole-inc",
                  "datastax",
                  "couchbase",
                  "scalegrid",
                  "checkpoint",
                  "paloaltonetworks",
                  "debian"
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "OpenLogic"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "CentOS*"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "notLike": "6*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Oracle"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "Oracle-Linux"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "notLike": "6*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "RedHat"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "RHEL",
                      "RHEL-HA",
                      "RHEL-SAP",
                      "RHEL-SAP-APPS",
                      "RHEL-SAP-HA",
                      "RHEL-SAP-HANA"
                    ]
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "notLike": "6*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "RedHat"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "osa",
                      "rhel-byos"
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "center-for-internet-security-inc"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "cis-centos-7-l1",
                      "cis-centos-7-v2-1-1-l1",
                      "cis-centos-8-l1",
                      "cis-debian-linux-8-l1",
                      "cis-debian-linux-9-l1",
                      "cis-nginx-centos-7-v1-1-0-l1",
                      "cis-oracle-linux-7-v2-0-0-l1",
                      "cis-oracle-linux-8-l1",
                      "cis-postgresql-11-centos-linux-7-level-1",
                      "cis-rhel-7-l2",
                      "cis-rhel-7-v2-2-0-l1",
                      "cis-rhel-8-l1",
                      "cis-suse-linux-12-v2-0-0-l1",
                      "cis-ubuntu-linux-1604-v1-0-0-l1",
                      "cis-ubuntu-linux-1804-l1"
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "credativ"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "Debian"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "notLike": "7*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Suse"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "SLES*"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "notLike": "11*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Canonical"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "UbuntuServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "notLike": "12*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "microsoft-dsvm"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "linux-data-science-vm-ubuntu",
                      "azureml"
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "cloudera"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "cloudera-centos-os"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "notLike": "6*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "cloudera"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "cloudera-altus-centos-os"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "microsoft-ads"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "linux*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration",
                        "exists": "true"
                      },
                      {
                        "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                        "like": "Linux*"
                      }
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "exists": "false"
                      },
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "notIn": [
                          "OpenLogic",
                          "RedHat",
                          "credativ",
                          "Suse",
                          "Canonical",
                          "microsoft-dsvm",
                          "cloudera",
                          "microsoft-ads",
                          "center-for-internet-security-inc",
                          "Oracle"
                        ]
                      }
                    ]
                  }
                ]
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "type": "Microsoft.Compute/virtualMachines/extensions",
          "name": "AzurePolicyforLinux",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
                "equals": "Microsoft.GuestConfiguration"
              },
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/type",
                "equals": "ConfigurationforLinux"
              },
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/provisioningState",
                "equals": "Succeeded"
              }
            ]
          },
          "deployment": {
            "properties": {
              "mode": "incremental",
              "parameters": {
                "vmName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "vmName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                    "apiVersion": "2019-07-01",
                  "name": "[concat(parameters('vmName'), '/AzurePolicyforLinux')]",
                    "type": "Microsoft.Compute/virtualMachines/extensions",
                  "location": "[parameters('location')]",
                    "properties": {
                      "publisher": "Microsoft.GuestConfiguration",
                      "type": "ConfigurationforLinux",
                      "typeHandlerVersion": "1.0",
                      "autoUpgradeMinorVersion": true,
                      "settings": {
                        
                      },
                      "protectedSettings": {
                        
                      }
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "331e8ea8-378a-410f-a2e5-ae22f38bb0da"
}