AzPolicyAdvertizer

last sync: 2022-Sep-30 16:34:23 UTC

Azure Policy definition

[Preview]: Windows machines should meet STIG compliance requirements for Azure compute

Name

[Preview]: Windows machines should meet STIG compliance requirements for Azure compute
Azure Portal

50c52fc9-cb21-4d99-9031-d6a0c613361c

Version

1.0.0-preview
details on versioning

Category

Guest Configuration
Microsoft docs

Description

Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the machine is not configured correctly for one of the recommendations in STIG compliance requirements for Azure compute. DISA (Defense Information Systems Agency) provides technical guides STIG (Security Technical Implementation Guide) to secure compute OS as required by Department of Defense (DoD). For more details, https://public.cyber.mil/stigs/.

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

FALSE

Effect

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Used RBAC Role

none

Rule Aliases

IF (7)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.windowsConfiguration	true
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	true
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType	Microsoft.ConnectedVMwarevSphere	virtualmachines	properties.osProfile.osType	false
Microsoft.HybridCompute/imageOffer	Microsoft.HybridCompute	machines	properties.osName	false

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.complianceStatus	false

Rule ResourceTypes

IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-05-06 16:29:23	add	50c52fc9-cb21-4d99-9031-d6a0c613361c

Used in Initiatives

none

JSON