last sync: 2023-Jun-09 17:46:13 UTC

Azure Policy definition

Windows machines should have Log Analytics agent installed on Azure Arc

Name Windows machines should have Log Analytics agent installed on Azure Arc
Id 4078e558-bda6-41fb-9b3c-361e8875200d
Version 2.0.0
Category Guest Configuration
Description Machines are non-compliant if Log Analytics agent is not installed on Azure Arc enabled windows server.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
AuditIfNotExists, Disabled
IF (1)

| Alias | Namespace | ResourceType | DefaultPath | Modifiable |
| --- | --- | --- | --- | --- |
| Microsoft.HybridCompute/imageOffer | Microsoft.HybridCompute | machines | properties.osName | false |

THEN-ExistenceCondition (1)

| Alias | Namespace | ResourceType | DefaultPath | Modifiable |
| --- | --- | --- | --- | --- |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus | Microsoft.GuestConfiguration | guestConfigurationAssignments | properties.complianceStatus | false |

IF (1)
Compliance

The following 1 compliance control is associated with this Policy definition 'Windows machines should have Log Analytics agent installed on Azure Arc' (4078e558-bda6-41fb-9b3c-361e8875200d)

Control Domain: Azure_Security_Benchmark_v3.0
Control: LT-5
Name: Azure_Security_Benchmark_v3.0_LT-5
MetadataId: Microsoft cloud security benchmark LT-5
Category: Logging and Threat Detection
Title: Centralize security log management and analysis
Owner: Shared
Requirements:
**Security Principle:** Centralize logging storage and analysis to enable correlation across log data. For each log source, ensure that you have assigned a data owner, access guidance, storage location, what tools are used to process and access the data, and data retention requirements.
**Azure Guidance:** Ensure that you are integrating Azure activity logs into a centralized Log Analytics workspace. Use Azure Monitor to query and perform analytics and create alert rules using the logs aggregated from Azure services, endpoint devices, network resources, and other security systems. In addition, enable and onboard data to Azure Sentinel which provides the security information event management (SIEM) and security orchestration automated response (SOAR) capability.
**Implementation and additional context:** How to collect platform logs and metrics with Azure Monitor: How to onboard Azure Sentinel:
Description: n/a
Info: link
Policy#: 7

| Date/Time (UTC ymd) | Change type | Change detail |
| --- | --- | --- |
| 2022-01-28 17:51:01 | change | Major (1.0.0 > 2.0.0) |
| 2021-09-27 15:52:17 | add | 4078e558-bda6-41fb-9b3c-361e8875200d |

| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
| --- | --- | --- | --- | --- |
| Microsoft cloud security benchmark | 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | Security Center | GA | BuiltIn |