last sync: 2021-Jul-26 15:31:58 UTC

Azure Policy definition

[Preview]: Configure supported Linux virtual machines to automatically install the Azure Security agent

Name [Preview]: Configure supported Linux virtual machines to automatically install the Azure Security agent
Azure Portal
Id 5f8eb305-9c9f-4abe-9bb0-df220d9faba2
Version 3.0.0-preview
details on versioning
Category Security Center
Microsoft docs
Description Configure supported Linux virtual machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target virtual machines must be in a supported location.
Mode Indexed
Type BuiltIn
Preview True
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-06-22 14:29:30 change Major, suffix remains equal (2.0.0-preview > 3.0.0-preview)
2021-05-04 14:34:06 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-01-22 09:14:53 add 5f8eb305-9c9f-4abe-9bb0-df220d9faba2
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines a15f3269-2e10-458c-87a4-d5989e678a73 Monitoring Preview
JSON Changes

JSON
{
  "properties": {
  "displayName": "[Preview]: Configure supported Linux virtual machines to automatically install the Azure Security agent",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Configure supported Linux virtual machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target virtual machines must be in a supported location.",
    "metadata": {
      "category": "Security Center",
      "version": "3.0.0-preview",
      "preview": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "field": "location",
            "in": [
              "australiacentral",
              "australiaeast",
              "australiasoutheast",
              "centralindia",
              "centralus",
              "eastasia",
              "eastus",
              "eastus2",
              "germanywestcentral",
              "japaneast",
              "northcentralus",
              "northeurope",
              "southcentralus",
              "southeastasia",
              "uksouth",
              "westcentralus",
              "westeurope",
              "westus",
              "westus2"
            ]
          },
          {
            "anyOf": [
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "RedHat"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "RHEL",
                      "RHEL-SAP-HANA"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "SUSE"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "SLES",
                      "SLES-HPC",
                      "SLES-HPC-Priority",
                      "SLES-SAP",
                      "SLES-SAP-BYOS",
                      "SLES-Priority",
                      "SLES-BYOS",
                      "SLES-SAPCAL",
                      "SLES-Standard"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "12*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Canonical"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "UbuntuServer"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "14.04*LTS"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "16.04*LTS"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "18.04*LTS"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Oracle"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "Oracle-Linux"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "OpenLogic"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "CentOS",
                      "Centos-LVM",
                      "CentOS-SRIOV"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "cloudera"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "cloudera-centos-os"
                  },
                  {
                    "field": "Microsoft.Compute/imageSku",
                    "like": "7*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "credativ"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "debian"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "8"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "9"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Debian"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "debian-10"
                    ]
                  },
                  {
                    "field": "Microsoft.Compute/imageSku",
                    "like": "10"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "anyOf": [
                      {
                        "allOf": [
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "equals": "Canonical"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "equals": "UbuntuServer"
                          },
                          {
                            "field": "Microsoft.Compute/imageSku",
                            "like": "18_04-lts-gen2"
                          }
                        ]
                      },
                      {
                        "allOf": [
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "equals": "Canonical"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "equals": "0001-com-ubuntu-server-focal"
                          },
                          {
                            "field": "Microsoft.Compute/imageSku",
                            "like": "20_04-lts-gen2"
                          }
                        ]
                      },
                      {
                        "allOf": [
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "equals": "RedHat"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "equals": "RHEL"
                          },
                          {
                            "field": "Microsoft.Compute/imageSku",
                            "like": "83-gen2"
                          }
                        ]
                      },
                      {
                        "allOf": [
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "equals": "SUSE"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "equals": "SLES-15-SP2"
                          },
                          {
                            "field": "Microsoft.Compute/imageSku",
                            "like": "gen2"
                          }
                        ]
                      }
                    ]
                  },
                  {
                    "field": "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings",
                    "exists": "true"
                  }
                ]
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Compute/virtualMachines/extensions",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/type",
                "equals": "AzureSecurityLinuxAgent"
              },
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/Publisher",
                "equals": "Microsoft.Azure.Security.Monitoring"
              },
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/provisioningState",
                "in": [
                  "Succeeded",
                  "Provisioning succeeded"
                ]
              }
            ]
          },
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "parameters": {
                "location": {
                "value": "[field('location')]"
                },
                "vmName": {
                "value": "[field('name')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "location": {
                    "type": "string"
                  },
                  "vmName": {
                    "type": "string"
                  }
                },
                "variables": {
                  
                },
                "resources": [
                  {
                    "type": "Microsoft.Compute/virtualMachines/extensions",
                  "name": "[concat(parameters('vmName'), '/', 'AzureSecurityLinuxAgent')]",
                    "apiVersion": "2019-03-01",
                  "location": "[parameters('location')]",
                    "properties": {
                      "publisher": "Microsoft.Azure.Security.Monitoring",
                      "type": "AzureSecurityLinuxAgent",
                      "typeHandlerVersion": "2.0",
                      "autoUpgradeMinorVersion": "true",
                      "settings": {
                        
                      },
                      "protectedsettings": {
                        
                      }
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/5f8eb305-9c9f-4abe-9bb0-df220d9faba2",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "5f8eb305-9c9f-4abe-9bb0-df220d9faba2"
}