AzPolicyAdvertizer

last sync: 2022-Sep-23 16:35:49 UTC

Azure Policy definition

Linux machines should only have local accounts that are allowed

Name

Linux machines should only have local accounts that are allowed
Azure Portal

73db37c4-f180-4b0f-ab2c-8ee96467686b

Version

2.0.0
details on versioning

Category

Guest Configuration
Microsoft docs

Description

Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Managing user accounts using Azure Active Directory is a best practice for management of identities. Reducing local machine accounts helps prevent the proliferation of identities managed outside a central system. Machines are non-compliant if local user accounts exist that are enabled and not listed in the policy parameter.

Mode

Indexed

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Used RBAC Role

none

Rule Aliases

IF (7)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false
Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.linuxConfiguration	true
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	true
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType	Microsoft.ConnectedVMwarevSphere	VirtualMachines	properties.osProfile.osType	false
Microsoft.HybridCompute/imageOffer	Microsoft.HybridCompute	machines	properties.osName	false

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.complianceStatus	false
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.parameterHash	false

Rule ResourceTypes

IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-01-28 17:51:01	change	Major (1.1.0 > 2.0.0)
2021-10-04 15:27:15	change	Minor (1.0.0 > 1.1.0)
2021-05-18 14:34:48	add	73db37c4-f180-4b0f-ab2c-8ee96467686b

Used in Initiatives

none

JSON Changes

Visual JSON JSON (Annotated)

Show unchanged values

JSON

AzPolicyAdvertizer

Azure Policy definition

Linux machines should only have local accounts that are allowed

JSON Left

JSON Right