Source
Display name
[Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension
Id
496e010e-fa91-4c00-be4b-92b481f67b58 Copy Id Copy resourceId
Version
2.0.0-preview
Versioning
Versions supported for Versioning: 1
Category
Security Center
Description
Configure virtual machines created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation.
Cloud environments
AzureCloud = true
Available in AzUSGov
The Policy is available in AzureUSGovernment cloud. Version: '2.0.0-preview'496e010e-fa91-4c00-be4b-92b481f67b58
Mode
Indexed
Type
BuiltIn
Preview
True
Deprecated
False
Effect
Default Allowed
RBAC role(s)
Rule aliases
IF (5) THEN-ExistenceCondition (3)
Rule resource types
IF (1) THEN-Deployment (1)
Compliance
Not a Compliance control
Initiatives usage
Records: 10 25 100 200 Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
< ,
<= ,
> ,
>= ,
= ,
* ,
! ,
{ ,
} ,
|| ,
&& ,
[empty] ,
[nonempty] ,
rgx: Learn more ? Page 1 of 1
Clear Trusted Launch Clear Preview Clear BuiltIn
Initiative DisplayName
Initiative Id
Initiative Category
State
Type
polSet in AzUSGov
[Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs
281d9e47-d14d-4f05-b8eb-18f2c4a034ff Trusted Launch
Preview BuiltIn
unknown
No results
History
Date/Time (UTC ymd) (i)
Change type
Change detail
2021-11-12 16:23:07
change
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-10-22 15:42:38
add
496e010e-fa91-4c00-be4b-92b481f67b58
JSON compareHide
compare mode:
side-by-side
line-by-line
version left: 1.0.0-preview version right: 2.0.0-preview 1.0.0-preview
@@ -4,9 +4,9 @@
4
"mode": "Indexed",
5
"description": "Configure virtual machines created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation.",
6
"metadata": {
7
"category": "Security Center",
8
-
"version": "1.0.0-preview",
9
"preview": true
10
},
11
"parameters": {
12
"effect": {
@@ -37,8 +37,12 @@
37
"field": "type",
38
"equals": "Microsoft.Compute/virtualMachines"
39
},
40
{
41
"field": "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings",
42
"exists": "true"
43
},
44
{
4
"mode": "Indexed",
5
"description": "Configure virtual machines created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation.",
6
"metadata": {
7
"category": "Security Center",
8
+
"version": "2 .0.0-preview",
9
"preview": true
10
},
11
"parameters": {
12
"effect": {
37
"field": "type",
38
"equals": "Microsoft.Compute/virtualMachines"
39
},
40
{
41
+
"field": "Microsoft.Compute/virtualMachines/securityProfile.securityType",
42
+
"equals": "TrustedLaunch"
43
+
},
44
+
{
45
"field": "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings",
46
"exists": "true"
47
},
48
{
JSON
api-version=2021-06-01 Copy definition Copy definition 4 EPAC EPAC
{ 7 items displayName: "[Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension" , policyType: "BuiltIn" , mode: "Indexed" , description: "Configure virtual machines created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation." , metadata: { 3 items category: "Security Center" , version: "2.0.0-preview" , preview: true } , parameters: { 2 items } , policyRule: { 2 items if: { 1 item allOf: [ 6 items { 2 items field: "type" , equals: "Microsoft.Compute/virtualMachines" } , { 2 items field: "Microsoft.Compute/virtualMachines/securityProfile.securityType" , equals: "TrustedLaunch" } , { 2 items field: "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings" , exists: "true" } , { 2 items field: "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.vTpmEnabled" , equals: "true" } , { 2 items field: "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.secureBootEnabled" , equals: "true" } , { 2 items field: "Microsoft.Compute/imageid" , exists: "true" } ] } , then: { 2 items effect: "[parameters('effect')]" , details: { 4 items type: "Microsoft.Compute/virtualMachines/extensions" , existenceCondition: { 1 item allOf: [ 3 items { 2 items field: "Microsoft.Compute/virtualMachines/extensions/publisher" , in: [ 2 items "Microsoft.Azure.Security.LinuxAttestation" , "Microsoft.Azure.Security.WindowsAttestation" ] } , { 2 items field: "Microsoft.Compute/virtualMachines/extensions/type" , equals: "GuestAttestation" } , { 2 items field: "Microsoft.Compute/virtualMachines/extensions/provisioningState" , in: [ 2 items "Succeeded" , "Provisioning succeeded" ] } ] } , roleDefinitionIds: [ 2 items "/providers/microsoft.authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7" Reader , "/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c" Virtual Machine Contributor ] , deployment: { 1 item properties: { 3 items mode: "incremental" , parameters: { 4 items } , template: { 5 items $schema: "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 4 items } , variables: { 6 items extensionName: "GuestAttestation" , extensionPublisherPrefix: "Microsoft.Azure.Security." , extensionPublisherSuffix: "Attestation" , extensionVersion: "1.0" , maaTenantName: "GuestAttestation" , ascReportingEndpoint: "" } , resources: [ 1 item { 5 items type: "Microsoft.Compute/virtualMachines/extensions" , apiVersion: "2018-10-01" , name: 🔍 "[
concat(
parameters('vmName'),
'/',
variables(
'extensionName'
)
)
]", location: "[parameters('location')]" , properties: { 5 items publisher: 🔍 "[
concat(
variables(
'extensionPublisherPrefix'
),
reference(
split(
parameters('imageId'),
'/versions'
)[
0
],
'2021-07-01'
).osType,
variables(
'extensionPublisherSuffix'
)
)
]", type: "[variables('extensionName')]" , typeHandlerVersion: "[variables('extensionVersion')]" , autoUpgradeMinorVersion: true , settings: { 1 item } } } ] } } } } } } }
