AzPolicyAdvertizer

last sync: 2022-May-23 08:52:47 UTC

Azure Policy definition

Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities

Name

Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities
Azure Portal

3cf2ab00-13f1-4d0c-8971-2ac904541a7e

Version

4.0.0
details on versioning

Category

Guest Configuration
Microsoft docs

Description

This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration but do not have any managed identities. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol.

Mode

Indexed

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Fixed: modify

Used RBAC Role

Role Name	Role Id
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c

Rule Aliases

IF (6)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false
Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.linuxConfiguration	true
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.windowsConfiguration	true
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	true

Rule ResourceTypes

IF (1)
Microsoft.Compute/virtualMachines

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-03-18 17:53:47	change	Major (3.0.0 > 4.0.0)
2022-02-18 17:44:00	change	Major (2.0.0 > 3.0.0)
2022-01-28 17:51:01	change	Major (1.1.0 > 2.0.0)
2021-12-06 22:17:57	change	Minor (1.0.0 > 1.1.0)
2020-09-15 14:06:41	change	Previous DisplayName: [Preview]: Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities
2020-07-17 15:57:10	add	3cf2ab00-13f1-4d0c-8971-2ac904541a7e
2020-06-29 05:46:45	remove	3cf2ab00-13f1-4d0c-8971-2ac904541a7e
2020-06-23 16:03:25	add	3cf2ab00-13f1-4d0c-8971-2ac904541a7e

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Deprecated]: Azure Security Benchmark v1	42a694ed-f65e-42b2-aa9e-8052e9740a92	Regulatory Compliance	Deprecated	BuiltIn
[Deprecated]: DoD Impact Level 4	8d792a84-723c-4d92-a3c3-e4ed16a2d133	Regulatory Compliance	Deprecated	BuiltIn
[Preview]: Australian Government ISM PROTECTED	27272c0b-c225-4cc3-b8b0-f2534b093077	Regulatory Compliance	Preview	BuiltIn
[Preview]: Motion Picture Association of America (MPAA)	92646f03-e39d-47a9-9e24-58d60ef49af8	Regulatory Compliance	Preview	BuiltIn
[Preview]: SWIFT CSCF v2021	abf84fac-f817-a70c-14b5-47eec767458a	Regulatory Compliance	Preview	BuiltIn
[Preview]: SWIFT CSP-CSCF v2020	3e0c67fc-8c7c-406c-89bd-6b6bdc986a22	Regulatory Compliance	Preview	BuiltIn
Canada Federal PBMM	4c4a5f27-de81-430b-b4e5-9cbd50595a87	Regulatory Compliance	GA	BuiltIn
CMMC Level 3	b5629c75-5c77-4422-87b9-2509e680f8de	Regulatory Compliance	GA	BuiltIn
Deploy prerequisites to enable Guest Configuration policies on virtual machines	12794019-7a00-42cf-95c2-882eed337cc8	Guest Configuration	GA	BuiltIn
FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f	Regulatory Compliance	GA	BuiltIn
FedRAMP Moderate	e95f5a9f-57ad-4d03-bb0b-b1d16db93693	Regulatory Compliance	GA	BuiltIn
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn
IRS1075 September 2016	105e0327-6175-4eb2-9af4-1fba43bdb39d	Regulatory Compliance	GA	BuiltIn
ISO 27001:2013	89c6cddc-1c73-4ac1-b19c-54d1a15a42f2	Regulatory Compliance	GA	BuiltIn
NIST SP 800-171 Rev. 2	03055927-78bd-4236-86c0-f36125a10dc9	Regulatory Compliance	GA	BuiltIn
NIST SP 800-53 Rev. 4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f	Regulatory Compliance	GA	BuiltIn
NIST SP 800-53 Rev. 5	179d1daa-458f-4e47-8086-2a68d0d6c38f	Regulatory Compliance	GA	BuiltIn
PCI v3.2.1:2018	496eeda9-8f2f-4d5e-8dfd-204f0a92ed41	Regulatory Compliance	GA	BuiltIn
UK OFFICIAL and UK NHS	3937f550-eedd-4639-9c5e-294358be442e	Regulatory Compliance	GA	BuiltIn

JSON Changes

Visual JSON JSON (Annotated)

Show unchanged values

JSON

AzPolicyAdvertizer

Azure Policy definition

Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities

JSON Left

JSON Right