last sync: 2024-Oct-04 17:51:30 UTC

[Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension
Id 496e010e-fa91-4c00-be4b-92b481f67b58
Version 2.0.0-preview
Details on versioning
Versioning Versions supported for Versioning: 1
2.0.0-preview
Built-in Versioning [Preview]
Category Security Center
Microsoft Learn
Description Configure virtual machines created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation.
Mode Indexed
Type BuiltIn
Preview True
Deprecated False
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Reader acdd72a7-3385-48ef-bd42-f606fba81ae7
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Rule aliases IF (5)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/imageid Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.id
properties.virtualMachineProfile.storageProfile.imageReference.id
properties.creationData.imageReference.id
True
True
True


False
False
False
Microsoft.Compute/virtualMachines/securityProfile.securityType Microsoft.Compute virtualMachines properties.securityProfile.securityType True False
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings True False
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.secureBootEnabled Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings.secureBootEnabled True False
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.vTpmEnabled Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings.vTpmEnabled True False
THEN-ExistenceCondition (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/virtualMachines/extensions/provisioningState Microsoft.Compute virtualMachines/extensions properties.provisioningState True False
Microsoft.Compute/virtualMachines/extensions/publisher Microsoft.Compute virtualMachines/extensions properties.publisher True False
Microsoft.Compute/virtualMachines/extensions/type Microsoft.Compute virtualMachines/extensions properties.type True False
Rule resource types IF (1)
Microsoft.Compute/virtualMachines
THEN-Deployment (1)
Microsoft.Compute/virtualMachines/extensions
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs 281d9e47-d14d-4f05-b8eb-18f2c4a034ff Trusted Launch Preview BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-11-12 16:23:07 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-10-22 15:42:38 add 496e010e-fa91-4c00-be4b-92b481f67b58
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC