AzPolicyAdvertizer

last sync: 2023-Jun-09 17:46:13 UTC

Azure Policy definition

[Preview]: Configure supported Linux virtual machine scale sets to automatically install the Guest Attestation extension

Name

[Preview]: Configure supported Linux virtual machine scale sets to automatically install the Guest Attestation extension
Azure Portal

57c2e3f0-98cf-4c3b-aa6b-e8f70726e74e

Version

6.1.0-preview
details on versioning

Category

Security Center
Microsoft docs

Description

Configure supported Linux virtual machines scale sets to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation.

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

FALSE

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC
Role(s)

Role Name	Role Id
Virtual Machine Contributor	9980e02c-c2be-4d73-94e8-173b1dc7cf3c

Rule
Aliases

IF (7)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSku	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.securityType	Microsoft.Compute	virtualMachineScaleSets	properties.virtualMachineProfile.securityProfile.securityType	false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings	Microsoft.Compute	virtualMachineScaleSets	properties.virtualMachineProfile.securityProfile.uefiSettings	false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings.secureBootEnabled	Microsoft.Compute	virtualMachineScaleSets	properties.virtualMachineProfile.securityProfile.uefiSettings.secureBootEnabled	false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings.vTpmEnabled	Microsoft.Compute	virtualMachineScaleSets	properties.virtualMachineProfile.securityProfile.uefiSettings.vTpmEnabled	false

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/virtualMachineScaleSets/extensions/publisher	Microsoft.Compute	virtualMachineScaleSets/extensions	properties.publisher	false
Microsoft.Compute/virtualMachineScaleSets/extensions/type	Microsoft.Compute	virtualMachineScaleSets/extensions	properties.type	false

Rule
ResourceTypes

IF (1)
Microsoft.Compute/virtualMachineScaleSets
THEN-Deployment (1)
Microsoft.Compute/virtualMachineScaleSets/extensions

Compliance

Not a Compliance control

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2023-02-27 19:03:54	change	Minor, suffix remains equal (6.0.0-preview > 6.1.0-preview)
2022-09-27 16:35:32	change	Major, suffix remains equal (5.0.0-preview > 6.0.0-preview)
2021-11-12 16:23:07	change	Major, suffix remains equal (3.0.0-preview > 5.0.0-preview)
2021-10-22 15:42:38	change	Major, suffix remains equal (2.0.0-preview > 3.0.0-preview)
2021-08-23 14:26:16	change	Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-05-04 14:34:06	add	57c2e3f0-98cf-4c3b-aa6b-e8f70726e74e

Initiatives
usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs	281d9e47-d14d-4f05-b8eb-18f2c4a034ff	Trusted Launch	Preview	BuiltIn

JSON