AzPolicyAdvertizer

last sync: 2025-Jul-11 17:24:21 UTC

[Preview]: Configure supported Windows virtual machines to automatically enable Secure Boot

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: Configure supported Windows virtual machines to automatically enable Secure Boot
Id 7cb1b219-61c6-47e0-b80c-4472cadeeb5f
Version 3.0.0-preview
Details on versioning
Versioning Versions supported for Versioning: 1
3.0.0-preview
Built-in Versioning [Preview]
Category Security Center
Microsoft Learn
Description Configure supported Windows virtual machines to automatically enable Secure Boot to mitigate against malicious and unauthorized changes to the boot chain. Once enabled, only trusted bootloaders, kernel and kernel drivers will be allowed to run.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '3.0.0-preview'
Repository: Azure-Policy 7cb1b219-61c6-47e0-b80c-4472cadeeb5f
Mode Indexed
Type BuiltIn
Preview True
Deprecated False
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Rule aliases IF (5)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/virtualMachines/securityProfile.securityType Microsoft.Compute virtualMachines properties.securityProfile.securityType True False
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings True False
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.secureBootEnabled Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings.secureBootEnabled True False
Microsoft.Compute/virtualMachines/storageProfile.imageReference.offer Microsoft.Compute virtualMachines properties.storageProfile.imageReference.offer True True
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType Microsoft.Compute virtualMachines properties.storageProfile.osDisk.osType True True
THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.secureBootEnabled Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings.secureBootEnabled True False
Rule resource types IF (1)
THEN-Deployment (1)
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-11-12 16:23:07 change Major, suffix remains equal (1.0.0-preview > 3.0.0-preview)
2021-06-08 15:17:13 add 7cb1b219-61c6-47e0-b80c-4472cadeeb5f
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC