AzPolicyAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Object Access'

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Object Access'
Id 8e170edb-e0f5-497a-bb36-48b3280cec6a
Version 1.2.0-deprecated
Details on versioning
Versioning Versions supported for Versioning: 1
1.2.0 (1.2.0-deprecated)
Built-in Versioning [Preview]
Category Guest Configuration
Microsoft Learn
Description This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Object Access'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '3.0.0-deprecated'
Repository: Azure-Policy 8e170edb-e0f5-497a-bb36-48b3280cec6a
Mode Indexed
Type BuiltIn
Preview False
Deprecated True
Effect Fixed
deployIfNotExists
RBAC role(s)
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Rule aliases IF (6)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/imageOffer Microsoft.Compute
Microsoft.Compute
Microsoft.Compute		 virtualMachines
virtualMachineScaleSets
disks		 properties.storageProfile.imageReference.offer
properties.virtualMachineProfile.storageProfile.imageReference.offer
properties.creationData.imageReference.id		 True
True
True

False
False
False
Microsoft.Compute/imagePublisher Microsoft.Compute
Microsoft.Compute
Microsoft.Compute		 virtualMachines
virtualMachineScaleSets
disks		 properties.storageProfile.imageReference.publisher
properties.virtualMachineProfile.storageProfile.imageReference.publisher
properties.creationData.imageReference.id		 True
True
True

False
False
False
Microsoft.Compute/imageSKU Microsoft.Compute
Microsoft.Compute
Microsoft.Compute		 virtualMachines
virtualMachineScaleSets
disks		 properties.storageProfile.imageReference.sku
properties.virtualMachineProfile.storageProfile.imageReference.sku
properties.creationData.imageReference.id		 True
True
True

False
False
False
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration Microsoft.Compute virtualMachines properties.osProfile.windowsConfiguration True True
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType Microsoft.Compute virtualMachines properties.storageProfile.osDisk.osType True True
Microsoft.HybridCompute/imageOffer Microsoft.HybridCompute machines properties.osName True False
THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash Microsoft.GuestConfiguration guestConfigurationAssignments properties.parameterHash True False
Rule resource types IF (2)
THEN-Deployment (3)
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Deprecated]: Audit Windows VMs that do not match Azure compute security baseline settings d618d658-b2d0-410e-9e2e-bfbfd04d09fa Guest Configuration Deprecated BuiltIn true
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-08-20 14:05:01 change Previous DisplayName: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Object Access'
2020-06-09 16:25:53 change Previous DisplayName: [Preview]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Object Access'
2019-12-17 15:43:46 change Previous DisplayName: [Preview]: Deploy requirements to audit Windows VMs configurations in 'System Audit Policies - Object Access'
JSON compare n/a
JSON
api-version=2021-06-01
EPAC