Source
Azure Portal
Display name
[Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension
Id
496e010e-fa91-4c00-be4b-92b481f67b58 Copy Id Copy resourceId
Version
2.0.0-preview Details on versioning
Versioning
Versions supported for Versioning: 1 2.0.0-preview Built-in Versioning [Preview]
Category
Security Center Microsoft Learn
Description
Configure virtual machines created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation.
Cloud environments
AzureCloud = true AzureUSGovernment = true AzureChinaCloud = unknown
Available in AzUSGov
The Policy is available in AzureUSGovernment cloud. Version: '2.0.0-preview' Repository: Azure-Policy 496e010e-fa91-4c00-be4b-92b481f67b58
Mode
Indexed
Type
BuiltIn
Preview
True
Deprecated
False
Effect
Default DeployIfNotExists
Allowed DeployIfNotExists, Disabled
RBAC role(s)
Rule aliases
IF (5)
THEN-ExistenceCondition (3)
Rule resource types
IF (1)
THEN-Deployment (1)
Compliance
Not a Compliance control
Initiatives usage
Initiative DisplayName
Initiative Id
Initiative Category
State
Type
polSet in AzUSGov
[Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs
281d9e47-d14d-4f05-b8eb-18f2c4a034ff
Trusted Launch
Preview BuiltIn
unknown
No results
History
Date/Time (UTC ymd) (i)
Change type
Change detail
2021-11-12 16:23:07
change
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-10-22 15:42:38
add
496e010e-fa91-4c00-be4b-92b481f67b58
JSON compareHide
version left: 1.0.0-preview
version right: 2.0.0-preview 1.0.0-preview
@@ -4,9 +4,9 @@
4
"mode": "Indexed",
5
"description": "Configure virtual machines created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation.",
6
"metadata": {
7
"category": "Security Center",
8
-
"version": "1.0.0-preview",
9
"preview": true
10
},
11
"parameters": {
12
"effect": {
@@ -37,8 +37,12 @@
37
"field": "type",
38
"equals": "Microsoft.Compute/virtualMachines"
39
},
40
{
41
"field": "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings",
42
"exists": "true"
43
},
44
{
4
"mode": "Indexed",
5
"description": "Configure virtual machines created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation.",
6
"metadata": {
7
"category": "Security Center",
8
+
"version": "2 .0.0-preview",
9
"preview": true
10
},
11
"parameters": {
12
"effect": {
37
"field": "type",
38
"equals": "Microsoft.Compute/virtualMachines"
39
},
40
{
41
+
"field": "Microsoft.Compute/virtualMachines/securityProfile.securityType",
42
+
"equals": "TrustedLaunch"
43
+
},
44
+
{
45
"field": "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings",
46
"exists": "true"
47
},
48
{
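Review bot: The `description` on line 5 is unchanged and still reads as covering every VM created from a Shared Image Gallery image, but the condition added at new lines 41–43 limits the rule to `securityProfile.securityType` equal to `TrustedLaunch`. A VM with any other or no security type now falls outside the `if` block, so it presumably gets no Guest Attestation deployment and is not reported as non-compliant by this assignment; the only visible signal of that narrowing is the major version bump. I would state the scope in the text by inserting `Trusted Launch enabled` before `virtual machines` in the description, and teams relying on this policy for boot-integrity coverage should inventory the excluded VMs separately. The `allOf` array starts and ends outside the hunk.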
JSON
api-version=2021-06-01
{ 7 items displayName: "[Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension" , policyType: "BuiltIn" , mode: "Indexed" , description: "Configure virtual machines created with Shared Image Gallery images to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation." , metadata: { 3 items category: "Security Center" , version: "2.0.0-preview" , preview: true } , parameters: { 2 items } , policyRule: { 2 items if: { 1 item allOf: [ 6 items { 2 items field: "type" , equals: "Microsoft.Compute/virtualMachines" } , { 2 items field: "Microsoft.Compute/virtualMachines/securityProfile.securityType" , equals: "TrustedLaunch" } , { 2 items field: "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings" , exists: "true" } , { 2 items field: "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.vTpmEnabled" , equals: "true" } , { 2 items field: "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.secureBootEnabled" , equals: "true" } , { 2 items field: "Microsoft.Compute/imageid" , exists: "true" } ] } , then: { 2 items effect: "[parameters('effect')]" , details: { 4 items type: "Microsoft.Compute/virtualMachines/extensions" , existenceCondition: { 1 item allOf: [ 3 items { 2 items field: "Microsoft.Compute/virtualMachines/extensions/publisher" , in: [ 2 items "Microsoft.Azure.Security.LinuxAttestation" , "Microsoft.Azure.Security.WindowsAttestation" ] } , { 2 items field: "Microsoft.Compute/virtualMachines/extensions/type" , equals: "GuestAttestation" } , { 2 items field: "Microsoft.Compute/virtualMachines/extensions/provisioningState" , in: [ 2 items "Succeeded" , "Provisioning succeeded" ] } ] } , roleDefinitionIds: [ 2 items "/providers/microsoft.authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7" Reader , 
"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c" Virtual Machine Contributor ] , deployment: { 1 item properties: { 3 items mode: "incremental" , parameters: { 4 items } , template: { 5 items $schema: "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 4 items } , variables: { 6 items extensionName: "GuestAttestation" , extensionPublisherPrefix: "Microsoft.Azure.Security." , extensionPublisherSuffix: "Attestation" , extensionVersion: "1.0" , maaTenantName: "GuestAttestation" , ascReportingEndpoint: "" } , resources: [ 1 item { 5 items type: "Microsoft.Compute/virtualMachines/extensions" , apiVersion: "2018-10-01" , name: 🔍 "[
concat(
parameters('vmName'),
'/',
variables(
'extensionName'
)
)
]", location: "[parameters('location')]" , properties: { 5 items publisher: 🔍 "[
concat(
variables(
'extensionPublisherPrefix'
),
reference(
split(
parameters('imageId'),
'/versions'
)[
0
],
'2021-07-01'
).osType,
variables(
'extensionPublisherSuffix'
)
)
]", type: "[variables('extensionName')]" , typeHandlerVersion: "[variables('extensionVersion')]" , autoUpgradeMinorVersion: true , settings: { 1 item } } } ] } } } } } } }