AzPolicyAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

[Preview]: Deploy Image Integrity on Azure Kubernetes Service

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Preview]: Deploy Image Integrity on Azure Kubernetes Service

5dc99dae-cfb2-42cc-8762-9aae02b74e27

Version

1.1.0-preview
Details on versioning

Versioning

Versions supported for Versioning: 3
1.1.0-preview
1.0.5-preview
1.0.4-preview
Built-in Versioning [Preview]

Category

Kubernetes
Microsoft Learn

Description

Deploy both Image Integrity and Policy Add-Ons Azure Kubernetes clusters. For more info, visit https://aka.ms/aks/image-integrity

Cloud environments

AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown

Available in AzUSGov

The Policy is available in AzureUSGovernment cloud. Version: '1.*.*-preview'

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC role(s)

Role Name	Role Id
Azure Kubernetes Service Contributor Role	ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes Service Policy Add-on Deployment	18ed5180-3e48-46fd-8541-4ea054d57064

Rule aliases

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.ContainerService/managedClusters/securityProfile.imageIntegrity.enabled	Microsoft.ContainerService	managedClusters	properties.securityProfile.imageIntegrity.enabled	True		False

Rule resource types

IF (1)

Microsoft.ContainerService/managedClusters

THEN-Deployment (2)

Microsoft.ContainerService/managedClusters
Microsoft.Resources/deployments

Compliance

Not a Compliance control

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
[Preview]: Use Image Integrity to ensure only trusted images are deployed	af28bf8b-c669-4dd3-9137-1e68fdc61bd6	Kubernetes	Preview	BuiltIn	true

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2025-03-21 20:19:45	change	Minor, suffix remains equal (1.0.5-preview > 1.1.0-preview)
2023-11-08 19:40:08	change	Patch, suffix remains equal (1.0.4-preview > 1.0.5-preview)
2023-10-31 19:02:40	change	Patch, suffix remains equal (1.0.3-preview > 1.0.4-preview)
2023-10-23 17:41:36	change	Patch, suffix remains equal (1.0.1-preview > 1.0.3-preview)
2023-10-16 18:01:34	change	Patch, suffix remains equal (1.0.0-preview > 1.0.1-preview)
2023-09-01 18:00:13	add	5dc99dae-cfb2-42cc-8762-9aae02b74e27

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC