Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the agent is not installed, or if it is installed but the COM object AgentConfigManager.MgmtSvcCfg returns that it is registered to a workspace other than the ID specified in the policy parameter.
The following 13 compliance controls are associated with this Policy definition 'Audit Windows machines on which the Log Analytics agent is not connected as expected' (6265018c-d7e2-432f-a75d-094d5f6f4465)
Ingest logs via Azure Monitor to aggregate security data generated by endpoint devices, network resources, and other security systems. Within Azure Monitor, use Log Analytics Workspace(s) to query and perform analytics, and use Azure Storage Accounts for long-term/archival storage.
Alternatively, you may enable and onboard data to Azure Sentinel or a third-party SIEM. How to onboard Azure Sentinel:
https://docs.microsoft.com/azure/sentinel/quickstart-onboard
How to collect platform logs and metrics with Azure Monitor:
https://docs.microsoft.com/azure/azure-monitor/platform/diagnostic-settings
How to collect Azure Virtual Machine internal host logs with Azure Monitor:
https://docs.microsoft.com/azure/azure-monitor/learn/quick-collect-azurevm
How to get started with Azure Monitor and third-party SIEM integration:
https://azure.microsoft.com/blog/use-azure-monitor-to-integrate-with-siem-tools/
If the compute resource is owned by Microsoft, then Microsoft is responsible for monitoring it. If the compute resource is owned by your organization, it is your responsibility to monitor it. You can use Azure Security Center to monitor the OS. Data collected by Security Center from the operating system includes OS type and version, OS logs (Windows Event Logs), running processes, machine name, IP addresses, and logged-in user. The Log Analytics Agent also collects crash dump files.
How to collect Azure Virtual Machine internal host logs with Azure Monitor:
https://docs.microsoft.com/azure/azure-monitor/learn/quick-collect-azurevm
Understand Azure Security Center data collection:
https://docs.microsoft.com/azure/security-center/security-center-enable-data-collection
Establish Procedures for Managing the Security of System Operations (Shared, n/a): Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions.
Establish Protective Measures for Administrator Privileges and Security Configurations (Shared, n/a): Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations.
Establish Procedures for Managing Internal and External Intrusion Attempts (Shared, n/a): Establish procedures for detecting, analyzing, sharing, and effectively responding to internal and external intrusion attempts to prevent personal information leakage. Additionally, implement a framework for collaboration with relevant external agencies and experts.
Establish Procedures to Respond and Recover from Incidents (Shared, n/a): Establish procedures to respond to and recover from incidents in a timely manner, including legal obligations for disclosing information. Additional procedures must be established and implemented to prevent recurrence.
Establish Procedures for Information System Failures (Shared, n/a): Establish procedures to detect, record, analyze, report, and respond to information system failures.
Initiatives usage: No results
"description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the agent is not installed, or if it is installed but the COM object AgentConfigManager.MgmtSvcCfg returns that it is registered to a workspace other than the ID specified in the policy parameter.",
6
"metadata": {
7
"category": "Guest Configuration",
8
- "version": "1.0.0",
9
"requiredProviders": [
10
"Microsoft.GuestConfiguration"
11
],
12
"guestConfiguration": {
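Review bot: the metadata `"version"` is removed here as `"1.0.0"` and re-added on the new side as `"2.0.0"`, a major bump; that is consistent with the later hunks, which rewrite both the image-offer condition and the Arc machine filter and therefore change which machines the audit evaluates, but the commit should say so explicitly, because existing assignments of this built-in will see their compliance results shift when the new version rolls out.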
@@ -21,9 +21,10 @@
21
"IncludeArcMachines": {
22
"type": "String",
23
"metadata": {
24
"displayName": "Include Arc connected servers",
25
- "description": "By selecting this option, you agree to be charged monthly per Arc connected machine."
26
},
27
"allowedValues": [
28
"true",
29
"false"
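Review bot: the `IncludeArcMachines` `description` line is removed and re-added with no change other than a trailing comma (`"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",`), and the hunk grows from 9 to 10 lines, so a new key is being appended to that parameter's `metadata` block; the added line is not visible in this view, so confirm it is a property Azure Policy accepts in parameter metadata and that it does not duplicate `displayName` or `description`.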
@@ -92,9 +93,9 @@
92
"equals": "microsoft-dsvm"
93
},
94
{
95
"field": "Microsoft.Compute/imageOffer",
96
- "equals": "dsvm-windows"
97
}
98
]
99
},
100
{
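Review bot: the exact match `"equals": "dsvm-windows"` on `Microsoft.Compute/imageOffer` is dropped while the hunk keeps its line count (9 to 9), so a replacement condition sits at new line 97 that is not shown here. This clause, together with the `"equals": "microsoft-dsvm"` match above it, decides which Data Science VM images are brought into scope, so the replacement should be checked against the current DSVM offer names; switching between an exact `equals` and a `like` pattern silently widens or narrows the set of evaluated machines.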
@@ -206,14 +207,34 @@
206
"value": "[parameters('IncludeArcMachines')]",
207
"equals": "true"
208
},
209
{
210
-"field": "type",
211
-"equals": "Microsoft.HybridCompute/machines"
212
-},
213
-{
214
-"field": "Microsoft.HybridCompute/imageOffer",
215
-"like": "windows*"
216
}
217
]
218
}
219
]
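Review bot: the Arc branch loses both its resource-type check (`"equals": "Microsoft.HybridCompute/machines"`) and its OS filter (`"like": "windows*"` on `Microsoft.HybridCompute/imageOffer`), and the hunk grows from 14 to 34 lines, so roughly 20 added lines replace them that are not visible in this view. Because this definition audits a Windows-only artefact (the `AgentConfigManager.MgmtSvcCfg` COM object named in the description), whatever replaces the `windows*` condition must still confine the Arc path to Windows machines; otherwise Linux Arc servers would be evaluated and reported non-compliant whenever `IncludeArcMachines` is `true`.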
4
"mode": "Indexed",
5
"description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the agent is not installed, or if it is installed but the COM object AgentConfigManager.MgmtSvcCfg returns that it is registered to a workspace other than the ID specified in the policy parameter.",
6
"metadata": {
7
"category": "Guest Configuration",
8
+ "version": "2.0.0",
9
"requiredProviders": [
10
"Microsoft.GuestConfiguration"
11
],
12
"guestConfiguration": {
21
"IncludeArcMachines": {
22
"type": "String",
23
"metadata": {
24
"displayName": "Include Arc connected servers",
25
+ "description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
displayName: "Audit Windows machines on which the Log Analytics agent is not connected as expected",
policyType: "BuiltIn",
mode: "Indexed",
description: "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the agent is not installed, or if it is installed but the COM object AgentConfigManager.MgmtSvcCfg returns that it is registered to a workspace other than the ID specified in the policy parameter.",