|
Policy Rule
|
{
"properties": {
"displayName": "[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell modules installed",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified Windows PowerShell modules installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
"metadata": {
"version": "1.2.0-deprecated",
"category": "Guest Configuration",
"requiredProviders": [
"Microsoft.GuestConfiguration"
],
"deprecated": true
},
"parameters": {
"Modules": {
"type": "String",
"metadata": {
"displayName": "[Deprecated]: PowerShell Modules",
"description": "A semicolon-separated list of the names of the PowerShell modules that should be installed. You may also specify a specific version of a module that should be installed by including a comma after the module name, followed by the desired version. e.g. PSDscResources; SqlServerDsc, 12.0.0.0; ComputerManagementDsc, 6.1.0.0"
}
}
},
"policyRule": {
"if": {
"anyOf": [
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"in": [
"esri",
"incredibuild",
"MicrosoftDynamicsAX",
"MicrosoftSharepoint",
"MicrosoftVisualStudio",
"MicrosoftWindowsDesktop",
"MicrosoftWindowsServerHPCPack"
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftWindowsServer"
},
{
"field": "Microsoft.Compute/imageSKU",
"notLike": "2008*"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftSQLServer"
},
{
"field": "Microsoft.Compute/imageOffer",
"notLike": "SQL2008*"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "microsoft-dsvm"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "dsvm-windows"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "microsoft-ads"
},
{
"field": "Microsoft.Compute/imageOffer",
"in": [
"standard-data-science-vm",
"windows-data-science-vm"
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "batch"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "rendering-windows2016"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "center-for-internet-security-inc"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "cis-windows-server-201*"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "pivotal"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "bosh-windows-server*"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "cloud-infrastructure-services"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "ad*"
}
]
},
{
"allOf": [
{
"anyOf": [
{
"field": "Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration",
"exists": "true"
},
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
"like": "Windows*"
}
]
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imageSKU",
"exists": "false"
},
{
"allOf": [
{
"field": "Microsoft.Compute/imageSKU",
"notLike": "2008*"
},
{
"field": "Microsoft.Compute/imageOffer",
"notLike": "SQL2008*"
}
]
}
]
}
]
}
]
}
]
},
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.HybridCompute/machines"
},
{
"field": "Microsoft.HybridCompute/imageOffer",
"like": "windows*"
}
]
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
"name": "WindowsPowerShellModules",
"existenceCondition": {
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash",
"equals": "[base64(concat('[PowerShellModules]PowerShellModules1;Modules', '=', parameters('Modules')))]"
},
"deployment": {
"properties": {
"mode": "incremental",
"parameters": {
"vmName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
},
"type": {
"value": "[field('type')]"
},
"configurationName": {
"value": "WindowsPowerShellModules"
},
"Modules": {
"value": "[parameters('Modules')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"type": {
"type": "string"
},
"configurationName": {
"type": "string"
},
"Modules": {
"type": "string"
}
},
"resources": [
{
"condition": "[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]",
"apiVersion": "2018-11-20",
"type": "Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments",
"name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]",
"location": "[parameters('location')]",
"properties": {
"guestConfiguration": {
"name": "[parameters('configurationName')]",
"version": "1.*",
"configurationParameter": [
{
"name": "[PowerShellModules]PowerShellModules1;Modules",
"value": "[parameters('Modules')]"
}
]
}
}
},
{
"condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
"apiVersion": "2018-11-20",
"type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments",
"name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]",
"location": "[parameters('location')]",
"properties": {
"guestConfiguration": {
"name": "[parameters('configurationName')]",
"version": "1.*",
"configurationParameter": [
{
"name": "[PowerShellModules]PowerShellModules1;Modules",
"value": "[parameters('Modules')]"
}
]
}
}
},
{
"condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
"apiVersion": "2019-07-01",
"type": "Microsoft.Compute/virtualMachines",
"identity": {
"type": "SystemAssigned"
},
"name": "[parameters('vmName')]",
"location": "[parameters('location')]"
},
{
"condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]",
"apiVersion": "2019-07-01",
"name": "[concat(parameters('vmName'), '/AzurePolicyforWindows')]",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.GuestConfiguration",
"type": "ConfigurationforWindows",
"typeHandlerVersion": "1.1",
"autoUpgradeMinorVersion": true,
"settings": {
},
"protectedSettings": {
}
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]"
]
}
]
}
}
}
}
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "90ba2ee7-4ca8-4673-84d1-c851c50d3baf"
}
|