last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell modules installed

Name [Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell modules installed
Azure Portal
Id 90ba2ee7-4ca8-4673-84d1-c851c50d3baf
Version 1.2.0-deprecated
details on versioning
Category Guest Configuration
Microsoft docs
Description This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified Windows PowerShell modules installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated True
Effect Fixed: deployIfNotExists
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-08-27 15:39:26 change Previous DisplayName: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell modules installed
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Deprecated]: Audit Windows VMs that do not have the specified Windows PowerShell modules installed c980fd64-c67f-49a6-a8a8-e57661150802 Guest Configuration Deprecated
JSON
{
  "displayName": "[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell modules installed",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified Windows PowerShell modules installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
  "metadata": {
    "version": "1.2.0-deprecated",
    "category": "Guest Configuration",
    "requiredProviders": [
      "Microsoft.GuestConfiguration"
    ],
    "deprecated": true
  },
  "parameters": {
    "Modules": {
      "type": "String",
      "metadata": {
        "displayName": "PowerShell Modules",
        "description": "A semicolon-separated list of the names of the PowerShell modules that should be installed. You may also specify a specific version of a module that should be installed by including a comma after the module name, followed by the desired version. e.g. PSDscResources; SqlServerDsc, 12.0.0.0; ComputerManagementDsc, 6.1.0.0"
      }
    }
  },
  "policyRule": {
    "if": {
      "anyOf": [
        {
          "allOf": [
            {
              "field": "type",
              "equals": "Microsoft.Compute/virtualMachines"
            },
            {
              "anyOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "in": [
                    "esri",
                    "incredibuild",
                    "MicrosoftDynamicsAX",
                    "MicrosoftSharepoint",
                    "MicrosoftVisualStudio",
                    "MicrosoftWindowsDesktop",
                    "MicrosoftWindowsServerHPCPack"
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "MicrosoftWindowsServer"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "notLike": "2008*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "MicrosoftSQLServer"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "notLike": "SQL2008*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "microsoft-dsvm"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "equals": "dsvm-windows"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "microsoft-ads"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "in": [
                        "standard-data-science-vm",
                        "windows-data-science-vm"
                      ]
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "batch"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "equals": "rendering-windows2016"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "center-for-internet-security-inc"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "cis-windows-server-201*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "pivotal"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "bosh-windows-server*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "cloud-infrastructure-services"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "ad*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "anyOf": [
                        {
                          "field": "Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration",
                          "exists": "true"
                        },
                        {
                          "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                          "like": "Windows*"
                        }
                      ]
                    },
                    {
                      "anyOf": [
                        {
                          "field": "Microsoft.Compute/imageSKU",
                          "exists": "false"
                        },
                        {
                          "allOf": [
                            {
                              "field": "Microsoft.Compute/imageSKU",
                              "notLike": "2008*"
                            },
                            {
                              "field": "Microsoft.Compute/imageOffer",
                              "notLike": "SQL2008*"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ]
            }
          ]
        },
        {
          "allOf": [
            {
              "field": "type",
              "equals": "Microsoft.HybridCompute/machines"
            },
            {
              "field": "Microsoft.HybridCompute/imageOffer",
              "like": "windows*"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "deployIfNotExists",
      "details": {
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
        ],
        "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
        "name": "WindowsPowerShellModules",
        "existenceCondition": {
          "field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash",
          "equals": "[base64(concat('[PowerShellModules]PowerShellModules1;Modules', '=', parameters('Modules')))]"
        },
        "deployment": {
          "properties": {
            "mode": "incremental",
            "parameters": {
              "vmName": {
                "value": "[field('name')]"
              },
              "location": {
                "value": "[field('location')]"
              },
              "type": {
                "value": "[field('type')]"
              },
              "configurationName": {
                "value": "WindowsPowerShellModules"
              },
              "Modules": {
                "value": "[parameters('Modules')]"
              }
            },
            "template": {
              "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "vmName": {
                  "type": "string"
                },
                "location": {
                  "type": "string"
                },
                "type": {
                  "type": "string"
                },
                "configurationName": {
                  "type": "string"
                },
                "Modules": {
                  "type": "string"
                }
              },
              "resources": [
                {
                  "condition": "[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]",
                  "apiVersion": "2018-11-20",
                  "type": "Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments",
                  "name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]",
                  "location": "[parameters('location')]",
                  "properties": {
                    "guestConfiguration": {
                      "name": "[parameters('configurationName')]",
                      "version": "1.*",
                      "configurationParameter": [
                        {
                          "name": "[PowerShellModules]PowerShellModules1;Modules",
                          "value": "[parameters('Modules')]"
                        }
                      ]
                    }
                  }
                },
                {
                  "condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
                  "apiVersion": "2018-11-20",
                  "type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments",
                  "name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]",
                  "location": "[parameters('location')]",
                  "properties": {
                    "guestConfiguration": {
                      "name": "[parameters('configurationName')]",
                      "version": "1.*",
                      "configurationParameter": [
                        {
                          "name": "[PowerShellModules]PowerShellModules1;Modules",
                          "value": "[parameters('Modules')]"
                        }
                      ]
                    }
                  }
                },
                {
                  "condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
                  "apiVersion": "2019-07-01",
                  "type": "Microsoft.Compute/virtualMachines",
                  "identity": {
                    "type": "SystemAssigned"
                  },
                  "name": "[parameters('vmName')]",
                  "location": "[parameters('location')]"
                },
                {
                  "condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
                  "apiVersion": "2019-07-01",
                  "name": "[concat(parameters('vmName'), '/AzurePolicyforWindows')]",
                  "type": "Microsoft.Compute/virtualMachines/extensions",
                  "location": "[parameters('location')]",
                  "properties": {
                    "publisher": "Microsoft.GuestConfiguration",
                    "type": "ConfigurationforWindows",
                    "typeHandlerVersion": "1.1",
                    "autoUpgradeMinorVersion": true,
                    "settings": {},
                    "protectedSettings": {}
                  },
                  "dependsOn": [
                    "[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]"
                  ]
                }
              ]
            }
          }
        }
      }
    }
  }
}