AzPolicyAdvertizer

last sync: 2023-Jun-19 17:45:01 UTC

Community Policy definition

Prevent deployment of Windows VM or VMSS without BYOL

Name

Prevent deployment of Windows VM or VMSS without BYOL
Community-Policy GitHub

63b4e328-7369-4a72-a5ad-0884d7fb1d04

Version

1.0.0
details on versioning

Category

Compute
Microsoft docs

Description

The policy checks if VMs or VM Scale Sets based on Microsoft operation system is using BYOL for Azure Hybrid Benefit. The decision, if VM is based on Microsoft OS or not, is based on the following policy: [Preview]: Azure Security agent should be installed on your Windows virtual machines - Microsoft Azure https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fbb2c6c6d-14bc-4443-bef3-c6be0adc6076

Mode

All

Type

Custom Community

Effect

Default
Audit
Allowed
Audit, Deny, Disabled

Used RBAC Role

none

Rule Aliases

IF (3)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/licenseType	Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets	properties.licenseType properties.virtualMachineProfile.licenseType	false false
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	true

Rule ResourceTypes

IF (1)
Microsoft.Compute/virtualMachines

JSON