AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

[Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension

496e010e-fa91-4c00-be4b-92b481f67b58

Version

2.0.0-preview
Details on versioning

Category

Security Center
Microsoft Learn

Description

Configure virtual machines created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation.

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

False

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC role(s)

Role Name	Role Id
Reader	acdd72a7-3385-48ef-bd42-f606fba81ae7
Virtual Machine Contributor	9980e02c-c2be-4d73-94e8-173b1dc7cf3c

Rule aliases

IF (5)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Compute/imageid	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.id properties.virtualMachineProfile.storageProfile.imageReference.id properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/virtualMachines/securityProfile.securityType	Microsoft.Compute	virtualMachines	properties.securityProfile.securityType	True	False
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings	Microsoft.Compute	virtualMachines	properties.securityProfile.uefiSettings	True	False
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.secureBootEnabled	Microsoft.Compute	virtualMachines	properties.securityProfile.uefiSettings.secureBootEnabled	True	False
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.vTpmEnabled	Microsoft.Compute	virtualMachines	properties.securityProfile.uefiSettings.vTpmEnabled	True	False

THEN-ExistenceCondition (3)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Compute/virtualMachines/extensions/provisioningState	Microsoft.Compute	virtualMachines/extensions	properties.provisioningState	True	False
Microsoft.Compute/virtualMachines/extensions/publisher	Microsoft.Compute	virtualMachines/extensions	properties.publisher	True	False
Microsoft.Compute/virtualMachines/extensions/type	Microsoft.Compute	virtualMachines/extensions	properties.type	True	False

Rule resource types

IF (1)
Microsoft.Compute/virtualMachines
THEN-Deployment (1)
Microsoft.Compute/virtualMachines/extensions

Compliance

Not a Compliance control

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs	281d9e47-d14d-4f05-b8eb-18f2c4a034ff	Trusted Launch	Preview	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-11-12 16:23:07	change	Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-10-22 15:42:38	add	496e010e-fa91-4c00-be4b-92b481f67b58

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC