AzPolicyAdvertizer

last sync: 2020-Sep-17 14:31:34 UTC

You like AzAdvertizer ? Go checkout the new version of AzGovViz

Azure Policy

Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs

Policy DisplayName Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs

Policy Id 385f5831-96d4-41db-9a3c-cd3af78aaae6

Policy Category Guest Configuration

Policy Description This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must deployed to machines before using any Windows Guest Configuration policy definition. For more information on Guest Configuration, visit https://aka.ms/gcpol.

Policy Mode Indexed

Policy Type BuiltIn

Policy in Preview FALSE

Policy Deprecated FALSE

Policy Effect Fixed: deployIfNotExists

Roles used

Role Name	Role Id
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c

Policy Changes

Date/Time (UTC ymd) (i)	Change	Change detail
2020-09-15 14:06:41	change: DisplayName	previous DisplayName: [Preview]: Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs
2020-08-05 13:05:29	change: DisplayName	previous DisplayName: [Preview]: Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows virtual machines
2020-06-23 16:03:25	add: Policy	385f5831-96d4-41db-9a3c-cd3af78aaae6

Used in Policy Initiative(s)

Initiative DisplayName	Initiative Id
[Preview]: NIST SP 800-171 R2	03055927-78bd-4236-86c0-f36125a10dc9
IRS1075 September 2016	105e0327-6175-4eb2-9af4-1fba43bdb39d
[Preview]: Deploy prerequisites to enable Guest Configuration policies on virtual machines	12794019-7a00-42cf-95c2-882eed337cc8
[Preview]: Australian Government ISM PROTECTED	27272c0b-c225-4cc3-b8b0-f2534b093077
UK OFFICIAL and UK NHS	3937f550-eedd-4639-9c5e-294358be442e
[Preview]: SWIFT CSP-CSCF v2020	3e0c67fc-8c7c-406c-89bd-6b6bdc986a22
[Preview]: Azure Security Benchmark	42a694ed-f65e-42b2-aa9e-8052e9740a92
PCI v3.2.1:2018	496eeda9-8f2f-4d5e-8dfd-204f0a92ed41
Canada Federal PBMM	4c4a5f27-de81-430b-b4e5-9cbd50595a87
ISO 27001:2013	89c6cddc-1c73-4ac1-b19c-54d1a15a42f2
[Deprecated]: DOD Impact Level 4	8d792a84-723c-4d92-a3c3-e4ed16a2d133
[Preview]: Motion Picture Association of America (MPAA)	92646f03-e39d-47a9-9e24-58d60ef49af8
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab
NIST SP 800-53 R4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f
FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f
FedRAMP Moderate	e95f5a9f-57ad-4d03-bb0b-b1d16db93693

Policy Rule

{
  "properties": {
    "displayName": "Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must deployed to machines before using any Windows Guest Configuration policy definition. For more information on Guest Configuration, visit https://aka.ms/gcpol.",
    "metadata": {
      "category": "Guest Configuration",
      "version": "1.0.0"
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "in": [
                  "esri",
                  "incredibuild",
                  "MicrosoftDynamicsAX",
                  "MicrosoftSharepoint",
                  "MicrosoftVisualStudio",
                  "MicrosoftWindowsDesktop",
                  "MicrosoftWindowsServerHPCPack"
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftWindowsServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageSKU",
                    "notLike": "2008*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftSQLServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "notLike": "SQL2008*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "microsoft-dsvm"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "dsvm-windows"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "microsoft-ads"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "standard-data-science-vm",
                      "windows-data-science-vm"
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "batch"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "rendering-windows2016"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "center-for-internet-security-inc"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "cis-windows-server-201*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "pivotal"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "bosh-windows-server*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "cloud-infrastructure-services"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "ad*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration",
                        "exists": "true"
                      },
                      {
                        "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                        "like": "Windows*"
                      }
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "exists": "false"
                      },
                      {
                        "allOf": [
                          {
                            "field": "Microsoft.Compute/imageSKU",
                            "notLike": "2008*"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "notLike": "SQL2008*"
                          }
                        ]
                      }
                    ]
                  }
                ]
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "type": "Microsoft.Compute/virtualMachines/extensions",
          "name": "AzurePolicyforWindows",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
                "equals": "Microsoft.GuestConfiguration"
              },
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/type",
                "equals": "ConfigurationforWindows"
              },
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/provisioningState",
                "equals": "Succeeded"
              }
            ]
          },
          "deployment": {
            "properties": {
              "mode": "incremental",
              "parameters": {
                "vmName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "vmName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                    "apiVersion": "2019-07-01",
                  "name": "[concat(parameters('vmName'), '/AzurePolicyforWindows')]",
                    "type": "Microsoft.Compute/virtualMachines/extensions",
                  "location": "[parameters('location')]",
                    "properties": {
                      "publisher": "Microsoft.GuestConfiguration",
                      "type": "ConfigurationforWindows",
                      "typeHandlerVersion": "1.1",
                      "autoUpgradeMinorVersion": true,
                      "settings": {
                        
                      },
                      "protectedSettings": {
                        
                      }
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "385f5831-96d4-41db-9a3c-cd3af78aaae6"
}

You like AzAdvertizer ? Go checkout the new version of AzGovViz

Azure Policy

Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs

Popular