last sync: 2024-Apr-24 17:46:58 UTC

Windows machines should have Log Analytics agent installed on Azure Arc

Azure BuiltIn Policy definition

Source Azure Portal
Display name Windows machines should have Log Analytics agent installed on Azure Arc
Id 4078e558-bda6-41fb-9b3c-361e8875200d
Version 2.0.0
Details on versioning
Category Guest Configuration
Microsoft Learn
Description Machines are non-compliant if Log Analytics agent is not installed on Azure Arc enabled windows server.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.HybridCompute/imageOffer Microsoft.HybridCompute machines properties.osName false
THEN-ExistenceCondition (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus Microsoft.GuestConfiguration guestConfigurationAssignments properties.complianceStatus false
Rule resource types IF (1)
Microsoft.HybridCompute/machines
Compliance
The following 1 compliance controls are associated with this Policy definition 'Windows machines should have Log Analytics agent installed on Azure Arc' (4078e558-bda6-41fb-9b3c-361e8875200d)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Logging and Threat Detection Centralize security log management and analysis Shared **Security Principle:** Centralize logging storage and analysis to enable correlation across log data. For each log source, ensure that you have assigned a data owner, access guidance, storage location, what tools are used to process and access the data, and data retention requirements. **Azure Guidance:** Ensure that you are integrating Azure activity logs into a centralized Log Analytics workspace. Use Azure Monitor to query and perform analytics and create alert rules using the logs aggregated from Azure services, endpoint devices, network resources, and other security systems. In addition, enable and onboard data to Azure Sentinel which provides the security information event management (SIEM) and security orchestration automated response (SOAR) capability. **Implementation and additional context:** How to collect platform logs and metrics with Azure Monitor: https://docs.microsoft.com/azure/azure-monitor/platform/diagnostic-settings How to onboard Azure Sentinel: https://docs.microsoft.com/azure/sentinel/quickstart-onboard n/a link 7
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
Microsoft cloud security benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-01-28 17:51:01 change Major (1.0.0 > 2.0.0)
2021-09-27 15:52:17 add 4078e558-bda6-41fb-9b3c-361e8875200d
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC