last sync: 2024-Feb-21 20:03:25 UTC

[Preview]: Configure supported Linux virtual machines to automatically enable Secure Boot

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: Configure supported Linux virtual machines to automatically enable Secure Boot
Id 95406fc3-1f69-47b0-8105-4c03b276ec5c
Version 5.0.0-preview
Details on versioning
Category Security Center
Microsoft Learn
Description Configure supported Linux virtual machines to automatically enable Secure Boot to mitigate against malicious and unauthorized changes to the boot chain. Once enabled, only trusted bootloaders, kernel and kernel drivers will be allowed to run.
Mode Indexed
Type BuiltIn
Preview True
Deprecated False
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Rule aliases IF (7)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Compute/imageOffer Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.offer
properties.virtualMachineProfile.storageProfile.imageReference.offer
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/imagePublisher Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.publisher
properties.virtualMachineProfile.storageProfile.imageReference.publisher
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/imageSku Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.sku
properties.virtualMachineProfile.storageProfile.imageReference.sku
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/virtualMachines/securityProfile.securityType Microsoft.Compute virtualMachines properties.securityProfile.securityType false
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings false
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.secureBootEnabled Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings.secureBootEnabled false
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType Microsoft.Compute virtualMachines properties.storageProfile.osDisk.osType true
THEN-ExistenceCondition (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.secureBootEnabled Microsoft.Compute virtualMachines properties.securityProfile.uefiSettings.secureBootEnabled false
Rule resource types IF (1)
Microsoft.Compute/virtualMachines
THEN-Deployment (1)
Microsoft.Compute/virtualMachines
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-11-12 16:23:07 change Major, suffix remains equal (2.0.0-preview > 5.0.0-preview)
2021-08-23 14:26:16 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-06-08 15:17:13 add 95406fc3-1f69-47b0-8105-4c03b276ec5c
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC