AzPolicyAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

[Preview]: Azure Stack HCI servers should meet Secured-core requirements

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: Azure Stack HCI servers should meet Secured-core requirements
Id 5e6bf724-0154-49bc-985f-27b2e07e636b
Version 1.0.0-preview
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0-preview
Built-in Versioning [Preview]
Category Stack HCI
Microsoft Learn
Description Ensure that all Azure Stack HCI servers meet the Secured-core requirements. To enable the Secured-core server requirements: 1. From the Azure Stack HCI clusters page, go to Windows Admin Center and select Connect. 2. Go to the Security extension and select Secured-core. 3. Select any setting that is not enabled and click Enable.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Assessment(s) Assessments count: 1
Assessment Id: 7a9de0cb-4c14-4528-a783-5123a6787dc9
DisplayName: Azure Local machines should meet Secured-core requirements
Description: Ensure that all Azure Local machines meet the Secured-core requirements.
Remediation description: To enable the Secured-core server requirements:
1. From the Azure Local instance page, go to Windows Admin Center and select Connect.
2. Go to the Security extension and select Secured-core.
3. Select any setting that is not enabled and click Enable.
Categories: Compute
Severity: Low
User impact: Low
Threats: ElevationOfPrivilege
preview: True
Mode Indexed
Type BuiltIn
Preview True
Deprecated False
Effect Default
AuditIfNotExists
Allowed
Audit, Disabled, AuditIfNotExists
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.AzureStackHCI/clusters/reportedProperties.clusterVersion Microsoft.AzureStackHCI clusters properties.reportedProperties.clusterVersion True False
THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.AzureStackHCI/clusters/securitySettings/securityComplianceStatus.securedCoreCompliance Microsoft.AzureStackHCI clusters/securitySettings properties.securityComplianceStatus.securedCoreCompliance True False
Rule resource types IF (1)
Compliance
The following 2 compliance controls are associated with this Policy definition '[Preview]: Azure Stack HCI servers should meet Secured-core requirements' (5e6bf724-0154-49bc-985f-27b2e07e636b)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Posture and Vulnerability Management Audit and enforce secure configurations for compute resources Shared **Security Principle:** Continuously monitor and alert when there is a deviation from the defined configuration baseline in your compute resources. Enforce the desired configuration according to the baseline configuration by denying the non-compliant configuration or deploy a configuration in compute resources. **Azure Guidance:** Use Microsoft Defender for Cloud and Azure Policy guest configuration agent to regularly assess and remediate configuration deviations on your Azure compute resources, including VMs, containers, and others. In addition, you can use Azure Resource Manager templates, custom operating system images, or Azure Automation State Configuration to maintain the security configuration of the operating system. Microsoft VM templates in conjunction with Azure Automation State Configuration can assist in meeting and maintaining security requirements. Note: Azure Marketplace VM images published by Microsoft are managed and maintained by Microsoft. **Implementation and additional context:** How to implement Microsoft Defender for Cloud vulnerability assessment recommendations: https://docs.microsoft.com/azure/security-center/security-center-vulnerability-assessment-recommendations How to create an Azure virtual machine from an ARM template: https://docs.microsoft.com/azure/virtual-machines/windows/ps-template Azure Automation State Configuration overview: https://docs.microsoft.com/azure/automation/automation-dsc-overview Create a Windows virtual machine in the Azure portal: https://docs.microsoft.com/azure/virtual-machines/windows/quick-create-portal Container security in Microsoft Defender for Cloud: https://docs.microsoft.com/azure/security-center/container-security n/a link 13
C.04.7 - Evaluated C.04.7 - Evaluated 404 not found n/a n/a 55
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
Microsoft cloud security benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn true
NL BIO Cloud Theme V2 d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-03-01 17:50:27 add 5e6bf724-0154-49bc-985f-27b2e07e636b
JSON compare n/a
JSON
api-version=2021-06-01
EPAC