last sync: 2022-Jun-28 16:32:57 UTC

Azure Policy definition

[Preview]: Guest Attestation extension should be installed on supported Linux virtual machines

Name [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines
Azure Portal
Id 672fe5a1-2fcd-42d7-b85d-902b6e28c6ff
Version 5.0.0-preview
details on versioning
Category Security Center
Microsoft docs
Description Install Guest Attestation extension on supported Linux virtual machines to allow Azure Security Center to proactively attest and monitor the boot integrity. Once installed, boot integrity will be attested via Remote Attestation. This assessment only applies to trusted launch enabled Linux virtual machines.
Mode Indexed
Type BuiltIn
Preview True
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
Rule Aliases IF (8)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Compute/imageOffer Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.offer
properties.virtualMachineProfile.storageProfile.imageReference.offer
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/imagePublisher Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.publisher
properties.virtualMachineProfile.storageProfile.imageReference.publisher
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/imageSku Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.sku
properties.virtualMachineProfile.storageProfile.imageReference.sku
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/virtualMachines/securityProfile.securityType Microsoft.Compute virtualMachines properties.securityProfile.securityType false
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings false
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.secureBootEnabled Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings.secureBootEnabled false
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.vTpmEnabled Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings.vTpmEnabled false
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType Microsoft.Compute virtualMachines properties.storageProfile.osDisk.osType true
THEN-ExistenceCondition (3)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Compute/virtualMachines/extensions/provisioningState Microsoft.Compute virtualMachines/extensions properties.provisioningState false
Microsoft.Compute/virtualMachines/extensions/publisher Microsoft.Compute virtualMachines/extensions properties.publisher false
Microsoft.Compute/virtualMachines/extensions/type Microsoft.Compute virtualMachines/extensions properties.type false
Rule ResourceTypes IF (1)
Microsoft.Compute/virtualMachines
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-11-12 16:23:07 change Major, suffix remains equal (2.0.0-preview > 5.0.0-preview)
2021-08-23 14:26:16 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-05-04 14:34:06 add 672fe5a1-2fcd-42d7-b85d-902b6e28c6ff
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State Type
Azure Security Benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn
JSON Changes

JSON