AzPolicyAdvertizer

last sync: 2023-Nov-30 18:20:17 UTC

Azure Policy definition

Windows machines should have Log Analytics agent installed on Azure Arc

Source

Azure Portal

Display name

Windows machines should have Log Analytics agent installed on Azure Arc

4078e558-bda6-41fb-9b3c-361e8875200d

Version

2.0.0
Details on versioning

Category

Guest Configuration
Microsoft Learn

Description

Machines are non-compliant if Log Analytics agent is not installed on Azure Arc enabled windows server.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

RBAC role(s)

none

Rule aliases

IF (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.HybridCompute/imageOffer	Microsoft.HybridCompute	machines	properties.osName	false

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.complianceStatus	false

Rule resource types

IF (1)
Microsoft.HybridCompute/machines

Compliance

The following 1 compliance controls are associated with this Policy definition 'Windows machines should have Log Analytics agent installed on Azure Arc' (4078e558-bda6-41fb-9b3c-361e8875200d)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
Azure_Security_Benchmark_v3.0	LT-5	Azure_Security_Benchmark_v3.0_LT-5	Microsoft cloud security benchmark LT-5	Logging and Threat Detection	Centralize security log management and analysis	Shared	Security Principle: Centralize logging storage and analysis to enable correlation across log data. For each log source, ensure that you have assigned a data owner, access guidance, storage location, what tools are used to process and access the data, and data retention requirements. Azure Guidance: Ensure that you are integrating Azure activity logs into a centralized Log Analytics workspace. Use Azure Monitor to query and perform analytics and create alert rules using the logs aggregated from Azure services, endpoint devices, network resources, and other security systems. In addition, enable and onboard data to Azure Sentinel which provides the security information event management (SIEM) and security orchestration automated response (SOAR) capability. Implementation and additional context: How to collect platform logs and metrics with Azure Monitor: https://docs.microsoft.com/azure/azure-monitor/platform/diagnostic-settings How to onboard Azure Sentinel: https://docs.microsoft.com/azure/sentinel/quickstart-onboard	n/a	link	7

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
Microsoft cloud security benchmark	1f3afdf9-d0c9-4c3d-847f-89da613e70a8	Security Center	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-01-28 17:51:01	change	Major (1.0.0 > 2.0.0)
2021-09-27 15:52:17	add	4078e558-bda6-41fb-9b3c-361e8875200d

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC