JSON compareHide
compare mode:
side-by-side
line-by-line
version left: 1.2.0-preview 1.1.0-preview 1.0.0-preview version right: 1.3.0-preview 1.2.0-preview 1.1.0-preview 1.0.0-preview
@@ -3,9 +3,9 @@
3
"policyType": "BuiltIn",
4
"mode": "Indexed",
5
"description": "Creates a Guest Configuration assignment to configure disabling local users on Windows Server. This ensures that Windows Servers can only be accessed by AAD (Azure Active Directory) account or a list of explicitly allowed users by this policy, improving overall security posture.",
6
"metadata": {
7
-
"version": "1.2.0-preview",
8
"preview": true,
9
"category": "Guest Configuration",
10
"requiredProviders": [
11
"Microsoft.GuestConfiguration"
@@ -261,8 +261,9 @@
261
"name": "SetAADDisableLocalAuth",
262
"roleDefinitionIds": [
263
"/providers/microsoft.authorization/roleDefinitions/088ab73d-1256-47ae-bea9-9de8e7131f31"
264
],
265
"existenceCondition": {
266
"allOf": [
267
{
268
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash",
3
"policyType": "BuiltIn",
4
"mode": "Indexed",
5
"description": "Creates a Guest Configuration assignment to configure disabling local users on Windows Server. This ensures that Windows Servers can only be accessed by AAD (Azure Active Directory) account or a list of explicitly allowed users by this policy, improving overall security posture.",
6
"metadata": {
7
+
"version": "1.3 .0-preview",
8
"preview": true,
9
"category": "Guest Configuration",
10
"requiredProviders": [
11
"Microsoft.GuestConfiguration"
261
"name": "SetAADDisableLocalAuth",
262
"roleDefinitionIds": [
263
"/providers/microsoft.authorization/roleDefinitions/088ab73d-1256-47ae-bea9-9de8e7131f31"
264
],
265
+
"evaluationDelay": "AfterProvisioning",
266
"existenceCondition": {
267
"allOf": [
268
{
269
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash",
JSON
api-version=2021-06-01 Copy definition Copy definition 4 EPAC EPAC
{ 7 items displayName: "[Preview]: Configure Windows Server to disable local users." , policyType: "BuiltIn" , mode: "Indexed" , description: "Creates a Guest Configuration assignment to configure disabling local users on Windows Server. This ensures that Windows Servers can only be accessed by AAD (Azure Active Directory) account or a list of explicitly allowed users by this policy, improving overall security posture." , metadata: { 5 items } , parameters: { 3 items IncludeArcMachines: { 4 items type: "String" , metadata: { 3 items displayName: "Include Arc connected servers" , description: "By selecting this option, you agree to be charged monthly per Arc connected machine." , portalReview: "true" } , allowedValues: [ 2 items ] , defaultValue: "false" } , AllowedUsers: { 3 items type: "String" , metadata: { 3 items displayName: "Allowed Users" , description: "The local users who are allowed to login. Access for the specified users will not be disabled. eg: testuser1, testuser2 ..." , portalReview: "true" } , defaultValue: "" } , effect: { 4 items type: "String" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of this policy" } , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" } } , policyRule: { 2 items if: { 1 item anyOf: [ 2 items { 1 item allOf: [ 2 items { 2 items field: "type" , equals: "Microsoft.Compute/virtualMachines" } , { 1 item anyOf: [ 10 items { 2 items field: "Microsoft.Compute/imagePublisher" , in: [ 7 items "esri" , "incredibuild" , "MicrosoftDynamicsAX" , "MicrosoftSharepoint" , "MicrosoftVisualStudio" , "MicrosoftWindowsDesktop" , "MicrosoftWindowsServerHPCPack" ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftWindowsServer" } , { 2 items field: "Microsoft.Compute/imageSKU" , notLike: "2008*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftSQLServer" } , { 2 items field: "Microsoft.Compute/imageOffer" , notLike: "SQL2008*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "microsoft-dsvm" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "dsvm-win*" } ] } , { 1 item } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "batch" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "rendering-windows2016" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "center-for-internet-security-inc" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "cis-windows-server-201*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "pivotal" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "bosh-windows-server*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "cloud-infrastructure-services" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "ad*" } ] } , { 1 item } ] } ] } , { 1 item } ] } , then: { 2 items effect: "[parameters('effect')]" , details: { 6 items type: "Microsoft.GuestConfiguration/guestConfigurationAssignments" , name: "SetAADDisableLocalAuth" , roleDefinitionIds: [ 1 item ] , evaluationDelay: "AfterProvisioning" , existenceCondition: { 1 item allOf: [ 2 items { 2 items field: "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash" , equals: 🔍 "[
base64(
concat(
'[
AADDisableLocalAuth
]AADDisableLocalAuth1;AllowedUsers',
'=',
parameters('AllowedUsers')
)
)
]" } , { 2 items field: "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus" , equals: "Compliant" } ] } , deployment: { 1 item properties: { 3 items mode: "incremental" , parameters: { 5 items } , template: { 4 items $schema: "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 5 items } , resources: [ 3 items { 6 items condition: 🔍 "[
equals(
toLower(
parameters('type')
),
toLower(
'microsoft.hybridcompute/machines'
)
)
]", apiVersion: "2018-11-20" , type: "Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments" , name: 🔍 "[
concat(
parameters('vmName'),
'/Microsoft.GuestConfiguration/',
parameters('configurationName')
)
]", location: "[parameters('location')]" , properties: { 1 item } } , { 6 items condition: 🔍 "[
equals(
toLower(
parameters('type')
),
toLower(
'Microsoft.Compute/virtualMachines'
)
)
]", apiVersion: "2018-11-20" , type: "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments" , name: 🔍 "[
concat(
parameters('vmName'),
'/Microsoft.GuestConfiguration/',
parameters('configurationName')
)
]", location: "[parameters('location')]" , properties: { 1 item } } , { 6 items condition: 🔍 "[
equals(
toLower(
parameters('type')
),
toLower(
'Microsoft.ConnectedVMwarevSphere/virtualMachines'
)
)
]", apiVersion: "2018-11-20" , type: "Microsoft.ConnectedVMwarevSphere/virtualMachines/providers/guestConfigurationAssignments" , name: 🔍 "[
concat(
parameters('vmName'),
'/Microsoft.GuestConfiguration/',
parameters('configurationName')
)
]", location: "[parameters('location')]" , properties: { 1 item } } ] } } } } } } }