last sync: 2021-May-17 14:22:45 UTC

Azure Policy definition

[Preview]: Configure supported Linux virtual machines to automatically install the Azure Security agent

Name [Preview]: Configure supported Linux virtual machines to automatically install the Azure Security agent
Azure Portal
Id 5f8eb305-9c9f-4abe-9bb0-df220d9faba2
Version 2.0.0-preview
details on versioning
Category Security Center
Microsoft docs
Description Configure supported Linux virtual machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and Log Analytics workspace in the same region as the virtual machine to store audit records. Target virtual machines must be in a supported location.
Mode Indexed
Type BuiltIn
Preview True
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-05-04 14:34:06 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-01-22 09:14:53 add 5f8eb305-9c9f-4abe-9bb0-df220d9faba2
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: Deploy - Configure prerequisites to enable Azure Monitor and Azure Security agents on virtual machines a15f3269-2e10-458c-87a4-d5989e678a73 Monitoring Preview
JSON Changes

JSON
{
  "properties": {
  "displayName": "[Preview]: Configure supported Linux virtual machines to automatically install the Azure Security agent",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Configure supported Linux virtual machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and Log Analytics workspace in the same region as the virtual machine to store audit records. Target virtual machines must be in a supported location.",
    "metadata": {
      "category": "Security Center",
      "version": "2.0.0-preview",
      "preview": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "field": "location",
            "in": [
              "australiacentral",
              "australiaeast",
              "australiasoutheast",
              "centralindia",
              "centralus",
              "eastasia",
              "eastus",
              "eastus2",
              "germanywestcentral",
              "japaneast",
              "northcentralus",
              "northeurope",
              "southcentralus",
              "southeastasia",
              "uksouth",
              "westcentralus",
              "westeurope",
              "westus",
              "westus2"
            ]
          },
          {
            "anyOf": [
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "RedHat"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "RHEL",
                      "RHEL-SAP-HANA"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "SUSE"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "SLES",
                      "SLES-HPC",
                      "SLES-HPC-Priority",
                      "SLES-SAP",
                      "SLES-SAP-BYOS",
                      "SLES-Priority",
                      "SLES-BYOS",
                      "SLES-SAPCAL",
                      "SLES-Standard"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "12*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Canonical"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "UbuntuServer"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "14.04*LTS"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "16.04*LTS"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "18.04*LTS"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Oracle"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "Oracle-Linux"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "OpenLogic"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "CentOS",
                      "Centos-LVM",
                      "CentOS-SRIOV"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "cloudera"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "cloudera-centos-os"
                  },
                  {
                    "field": "Microsoft.Compute/imageSku",
                    "like": "7*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "credativ"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "debian"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "8"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "9"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Debian"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "debian-10"
                    ]
                  },
                  {
                    "field": "Microsoft.Compute/imageSku",
                    "like": "10"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "anyOf": [
                      {
                        "allOf": [
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "equals": "Canonical"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "equals": "UbuntuServer"
                          },
                          {
                            "field": "Microsoft.Compute/imageSku",
                            "like": "18_04-lts-gen2"
                          }
                        ]
                      },
                      {
                        "allOf": [
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "equals": "Canonical"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "equals": "0001-com-ubuntu-server-focal"
                          },
                          {
                            "field": "Microsoft.Compute/imageSku",
                            "like": "20_04-lts-gen2"
                          }
                        ]
                      },
                      {
                        "allOf": [
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "equals": "RedHat"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "equals": "RHEL"
                          },
                          {
                            "field": "Microsoft.Compute/imageSku",
                            "like": "83-gen2"
                          }
                        ]
                      },
                      {
                        "allOf": [
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "equals": "SUSE"
                          },
                          {
                            "field": "Microsoft.Compute/imageOffer",
                            "equals": "SLES-15-SP2"
                          },
                          {
                            "field": "Microsoft.Compute/imageSku",
                            "like": "gen2"
                          }
                        ]
                      }
                    ]
                  },
                  {
                    "field": "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings",
                    "exists": "true"
                  }
                ]
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Compute/virtualMachines/extensions",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/type",
                "equals": "AzureSecurityLinuxAgent"
              },
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/Publisher",
                "equals": "Microsoft.Azure.Security.Monitoring"
              },
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/provisioningState",
                "in": [
                  "Succeeded",
                  "Provisioning succeeded"
                ]
              }
            ]
          },
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
            "/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
          ],
          "deploymentScope": "subscription",
          "deployment": {
            "location": "eastus",
            "properties": {
              "mode": "incremental",
              "parameters": {
                "resourceGroup": {
                "value": "[resourceGroup().name]"
                },
                "location": {
                "value": "[field('location')]"
                },
                "vmName": {
                "value": "[field('name')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "resourceGroup": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  },
                  "vmName": {
                    "type": "string"
                  }
                },
                "variables": {
                  "pairedLocations": {
                    "australiacentral": "australiacentral",
                    "australiaeast": "australiaeast",
                    "australiasoutheast": "australiasoutheast",
                    "centralindia": "centralindia",
                    "centralus": "centralus",
                    "eastasia": "eastasia",
                    "eastus": "eastus",
                    "eastus2": "eastus2",
                    "germanywestcentral": "germanywestcentral",
                    "japaneast": "japaneast",
                    "northcentralus": "northcentralus",
                    "northeurope": "northeurope",
                    "southcentralus": "southcentralus",
                    "southeastasia": "southeastasia",
                    "uksouth": "uksouth",
                    "westcentralus": "westcentralus",
                    "westeurope": "westeurope",
                    "westus": "westus",
                    "westus2": "westus2"
                  },
                  "locationLongNameToShortMap": {
                    "australiacentral": "CAU",
                    "australiaeast": "EAU",
                    "australiasoutheast": "SEAU",
                    "centralindia": "CIN",
                    "centralus": "CUS",
                    "eastasia": "EA",
                    "eastus": "EUS",
                    "eastus2": "EUS2",
                    "germanywestcentral": "DEWC",
                    "japaneast": "EJP",
                    "northcentralus": "NCUS",
                    "northeurope": "NEU",
                    "southcentralus": "SCUS",
                    "southeastasia": "SEA",
                    "uksouth": "SUK",
                    "westcentralus": "WCUS",
                    "westeurope": "WEU",
                    "westus": "WUS",
                    "westus2": "WUS2"
                  },
                "locationCode": "[variables('locationLongNameToShortMap')[variables('pairedLocations')[parameters('location')]]]",
                "subscriptionId": "[subscription().subscriptionId]",
                "defaultRGName": "[concat('DefaultResourceGroup-', variables('locationCode'))]",
                "defaultRGLocation": "[variables('pairedLocations')[parameters('location')]]",
                "workspaceName": "[concat('defaultWorkspace-', variables('subscriptionId'),'-', variables('locationCode'))]",
                "dcrName": "[concat('Microsoft-Security-', variables('locationCode'), '-dcr')]",
                "dcrId": "[concat('/subscriptions/', variables('subscriptionId'), '/resourceGroups/', variables('defaultRGName'), '/providers/Microsoft.Insights/dataCollectionRules/', variables('dcrName'))]",
                "dcraName": "[concat(parameters('vmName'),'/Microsoft.Insights/Security-RulesAssociation')]",
                "deployAzureSecurityLinuxAgent": "[concat('deployAzureSecurityLinuxAgent-', uniqueString(deployment().name))]",
                "deployDefaultAscResourceGroup": "[concat('deployDefaultAscResourceGroup-', uniqueString(deployment().name))]",
                "deployDataCollectionRulesAssociation": "[concat('deployDataCollectionRulesAssociation-', uniqueString(deployment().name))]"
                },
                "resources": [
                  {
                    "type": "Microsoft.Resources/deployments",
                  "name": "[variables('deployAzureSecurityLinuxAgent')]",
                    "apiVersion": "2020-06-01",
                  "resourceGroup": "[parameters('resourceGroup')]",
                    "properties": {
                      "mode": "Incremental",
                      "expressionEvaluationOptions": {
                        "scope": "inner"
                      },
                      "parameters": {
                        "location": {
                        "value": "[parameters('location')]"
                        },
                        "vmName": {
                        "value": "[parameters('vmName')]"
                        }
                      },
                      "template": {
                        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                        "contentVersion": "1.0.0.0",
                        "parameters": {
                          "location": {
                            "type": "string"
                          },
                          "vmName": {
                            "type": "string"
                          }
                        },
                        "variables": {
                          
                        },
                        "resources": [
                          {
                            "type": "Microsoft.Compute/virtualMachines/extensions",
                          "name": "[concat(parameters('vmName'), '/', 'AzureSecurityLinuxAgent')]",
                            "apiVersion": "2019-03-01",
                          "location": "[parameters('location')]",
                            "properties": {
                              "publisher": "Microsoft.Azure.Security.Monitoring",
                              "type": "AzureSecurityLinuxAgent",
                              "typeHandlerVersion": "2.0",
                              "autoUpgradeMinorVersion": "true",
                              "settings": {
                                
                              },
                              "protectedsettings": {
                                
                              }
                            }
                          }
                        ]
                      }
                    }
                  },
                  {
                    "type": "Microsoft.Resources/resourceGroups",
                  "name": "[variables('defaultRGName')]",
                    "apiVersion": "2019-05-01",
                  "location": "[variables('defaultRGLocation')]"
                  },
                  {
                    "type": "Microsoft.Resources/deployments",
                  "name": "[variables('deployDefaultAscResourceGroup')]",
                    "apiVersion": "2020-06-01",
                  "resourceGroup": "[variables('defaultRGName')]",
                    "properties": {
                      "mode": "Incremental",
                      "expressionEvaluationOptions": {
                        "scope": "inner"
                      },
                      "parameters": {
                        "defaultRGLocation": {
                        "value": "[variables('defaultRGLocation')]"
                        },
                        "workspaceName": {
                        "value": "[variables('workspaceName')]"
                        },
                        "dcrName": {
                        "value": "[variables('dcrName')]"
                        }
                      },
                      "template": {
                        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                        "contentVersion": "1.0.0.0",
                        "parameters": {
                          "defaultRGLocation": {
                            "type": "string"
                          },
                          "workspaceName": {
                            "type": "string"
                          },
                          "dcrName": {
                            "type": "string"
                          }
                        },
                        "variables": {
                          "securitySolution": {
                          "Name": "[Concat('Security', '(', parameters('workspaceName'), ')')]",
                            "GalleryName": "Security"
                          },
                          "securityCenterFreeSolution": {
                          "Name": "[Concat('SecurityCenterFree', '(', parameters('workspaceName'), ')')]",
                            "GalleryName": "SecurityCenterFree"
                          }
                        },
                        "resources": [
                          {
                            "type": "Microsoft.OperationalInsights/workspaces",
                          "name": "[parameters('workspaceName')]",
                            "apiVersion": "2015-11-01-preview",
                          "location": "[parameters('defaultRGLocation')]",
                            "properties": {
                              "sku": {
                                "name": "pernode"
                              },
                              "retentionInDays": 30,
                              "features": {
                                "searchVersion": 1
                              }
                            }
                          },
                          {
                            "type": "Microsoft.OperationsManagement/solutions",
                          "name": "[variables('securitySolution').Name]",
                            "apiVersion": "2015-11-01-preview",
                          "location": "[parameters('defaultRGLocation')]",
                            "dependsOn": [
                            "[parameters('workspaceName')]"
                            ],
                            "properties": {
                            "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]"
                            },
                            "plan": {
                            "name": "[variables('securitySolution').Name]",
                              "publisher": "Microsoft",
                            "product": "[Concat('OMSGallery/', variables('securitySolution').GalleryName)]",
                              "promotionCode": ""
                            }
                          },
                          {
                            "type": "Microsoft.OperationsManagement/solutions",
                          "name": "[variables('securityCenterFreeSolution').Name]",
                            "apiVersion": "2015-11-01-preview",
                          "location": "[parameters('defaultRGLocation')]",
                            "dependsOn": [
                            "[parameters('workspaceName')]"
                            ],
                            "properties": {
                            "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]"
                            },
                            "plan": {
                            "name": "[variables('securityCenterFreeSolution').Name]",
                              "publisher": "Microsoft",
                            "product": "[Concat('OMSGallery/', variables('securityCenterFreeSolution').GalleryName)]",
                              "promotionCode": ""
                            }
                          },
                          {
                            "type": "Microsoft.Insights/dataCollectionRules",
                          "name": "[parameters('dcrName')]",
                            "apiVersion": "2019-11-01-preview",
                          "location": "[parameters('defaultRGLocation')]",
                            "dependsOn": [
                            "[parameters('workspaceName')]"
                            ],
                            "properties": {
                              "description": "Data collection rule for Azure Security Center. Deleting this rule will break the detection of security vulnerabilities.",
                              "dataSources": {
                                "windowsEventLogs": [
                                  {
                                    "name": "RomeDetectionEventDataSource",
                                    "streams": [
                                      "Microsoft-RomeDetectionEvent"
                                    ],
                                    "scheduledTransferPeriod": "PT5M",
                                    "xPathQueries": [
                                      "Security!*",
                                      "Microsoft-Windows-AppLocker/EXE and DLL!*"
                                    ]
                                  }
                                ],
                                "syslog": [
                                  {
                                    "name": "SyslogDataSource",
                                    "streams": [
                                      "Microsoft-Syslog"
                                    ],
                                    "facilityNames": [
                                      "kern",
                                      "auth",
                                      "authpriv",
                                      "cron",
                                      "user",
                                      "daemon",
                                      "syslog",
                                      "local0"
                                    ],
                                    "logLevels": [
                                      "Debug",
                                      "Critical",
                                      "Emergency"
                                    ]
                                  }
                                ],
                                "extensions": [
                                  {
                                    "extensionName": "AzureSecurityLinuxAgent",
                                    "name": "AscLinuxDataSource",
                                    "streams": [
                                      "Microsoft-OperationLog",
                                      "Microsoft-SecurityBaseline",
                                      "Microsoft-SecurityBaselineSummary",
                                      "Microsoft-ProcessInvestigator",
                                      "Microsoft-Auditd",
                                      "Microsoft-ProtectionStatus",
                                      "Microsoft-Heartbeat"
                                    ],
                                    "extensionSettings": {
                                      "scanners": [
                                        {
                                          "name": "heartbeat",
                                          "frequency": "PT1H"
                                        },
                                        {
                                          "name": "time",
                                          "frequency": "PT8H"
                                        },
                                        {
                                          "name": "antimalware",
                                          "frequency": "PT8H"
                                        },
                                        {
                                          "name": "codeintegrity",
                                          "frequency": "P1D"
                                        },
                                        {
                                          "name": "processinvestigator",
                                          "frequency": "PT1H"
                                        },
                                        {
                                          "name": "baseline",
                                          "frequency": "P1D",
                                          "options": [
                                            {
                                              "name": "Baseline",
                                              "value": "Azure.Ubuntu"
                                            },
                                            {
                                              "name": "AscBaseline",
                                              "value": "OMS.Linux"
                                            }
                                          ]
                                        },
                                        {
                                          "name": "docker",
                                          "frequency": "P1D",
                                          "options": [
                                            {
                                              "name": "Baseline",
                                              "value": "Azure.Docker.Linux"
                                            },
                                            {
                                              "name": "AscBaseline",
                                              "value": "OMS.Docker.Linux"
                                            }
                                          ]
                                        }
                                      ]
                                    }
                                  },
                                  {
                                    "extensionName": "AzureSecurityWindowsAgent",
                                    "name": "AsaWindowsDataSource",
                                    "streams": [
                                      "Microsoft-OperationLog",
                                      "Microsoft-SecurityBaseline",
                                      "Microsoft-ProcessInvestigator",
                                      "Microsoft-ProtectionStatus",
                                      "Microsoft-SecurityBaselineSummary"
                                    ],
                                    "extensionSettings": {
                                      "scanners": [
                                        {
                                          "name": "heartbeat",
                                          "frequency": "PT1H"
                                        },
                                        {
                                          "name": "baseline",
                                          "frequency": "P1D"
                                        },
                                        {
                                          "name": "antimalware",
                                          "frequency": "P1D"
                                        },
                                        {
                                          "name": "processinvestigator",
                                          "frequency": "PT1H"
                                        }
                                      ]
                                    }
                                  }
                                ]
                              },
                              "destinations": {
                                "logAnalytics": [
                                  {
                                  "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]",
                                    "name": "LogAnalyticsDest"
                                  }
                                ]
                              },
                              "dataFlows": [
                                {
                                  "streams": [
                                    "Microsoft-Syslog",
                                    "Microsoft-OperationLog",
                                    "Microsoft-SecurityBaseline",
                                    "Microsoft-SecurityBaselineSummary",
                                    "Microsoft-RomeDetectionEvent",
                                    "Microsoft-ProcessInvestigator",
                                    "Microsoft-Auditd",
                                    "Microsoft-ProtectionStatus",
                                    "Microsoft-Heartbeat"
                                  ],
                                  "destinations": [
                                    "LogAnalyticsDest"
                                  ]
                                }
                              ]
                            }
                          }
                        ]
                      }
                    },
                    "dependsOn": [
                    "[resourceId('Microsoft.Resources/resourceGroups', variables('defaultRGName'))]"
                    ]
                  },
                  {
                    "type": "Microsoft.Resources/deployments",
                  "name": "[variables('deployDataCollectionRulesAssociation')]",
                    "apiVersion": "2020-06-01",
                  "resourceGroup": "[parameters('resourceGroup')]",
                    "dependsOn": [
                    "[variables('deployDefaultAscResourceGroup')]"
                    ],
                    "properties": {
                      "mode": "Incremental",
                      "expressionEvaluationOptions": {
                        "scope": "inner"
                      },
                      "parameters": {
                        "location": {
                        "value": "[parameters('location')]"
                        },
                        "vmName": {
                        "value": "[parameters('vmName')]"
                        },
                        "dcrId": {
                        "value": "[variables('dcrId')]"
                        },
                        "dcraName": {
                        "value": "[variables('dcraName')]"
                        }
                      },
                      "template": {
                        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                        "contentVersion": "1.0.0.0",
                        "parameters": {
                          "location": {
                            "type": "string"
                          },
                          "vmName": {
                            "type": "string"
                          },
                          "dcrId": {
                            "type": "string"
                          },
                          "dcraName": {
                            "type": "string"
                          }
                        },
                        "variables": {
                          
                        },
                        "resources": [
                          {
                            "type": "Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations",
                          "name": "[parameters('dcraName')]",
                            "apiVersion": "2019-11-01-preview",
                            "properties": {
                              "description": "Association of data collection rule for Azure Security Center. Deleting this association will break the detection of security vulnerabilities for this virtual machine.",
                            "dataCollectionRuleId": "[parameters('dcrId')]"
                            }
                          }
                        ]
                      }
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/5f8eb305-9c9f-4abe-9bb0-df220d9faba2",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "5f8eb305-9c9f-4abe-9bb0-df220d9faba2"
}