last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

Microsoft IaaSAntimalware extension should be deployed on Windows servers

Name Microsoft IaaSAntimalware extension should be deployed on Windows servers
Azure Portal
Id 9b597639-28e4-48eb-b506-56b05d366257
Version 1.0.0
details on versioning
Category Compute
Microsoft docs
Description This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History none
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Deprecated]: DoD Impact Level 4 8d792a84-723c-4d92-a3c3-e4ed16a2d133 Regulatory Compliance Deprecated
[Preview]: Australian Government ISM PROTECTED 27272c0b-c225-4cc3-b8b0-f2534b093077 Regulatory Compliance Preview
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
[Preview]: NIST SP 800-171 R2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance Preview
JSON
{
  "displayName": "Microsoft IaaSAntimalware extension should be deployed on Windows servers",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed.",
  "metadata": {
    "version": "1.0.0",
    "category": "Compute"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        {
          "field": "Microsoft.Compute/imagePublisher",
          "equals": "MicrosoftWindowsServer"
        },
        {
          "field": "Microsoft.Compute/imageOffer",
          "equals": "WindowsServer"
        },
        {
          "field": "Microsoft.Compute/imageSKU",
          "in": [
            "2008-R2-SP1",
            "2008-R2-SP1-smalldisk",
            "2012-Datacenter",
            "2012-Datacenter-smalldisk",
            "2012-R2-Datacenter",
            "2012-R2-Datacenter-smalldisk",
            "2016-Datacenter",
            "2016-Datacenter-Server-Core",
            "2016-Datacenter-Server-Core-smalldisk",
            "2016-Datacenter-smalldisk",
            "2016-Datacenter-with-Containers",
            "2016-Datacenter-with-RDSH",
            "2019-Datacenter",
            "2019-Datacenter-Core",
            "2019-Datacenter-Core-smalldisk",
            "2019-Datacenter-Core-with-Containers",
            "2019-Datacenter-Core-with-Containers-smalldisk",
            "2019-Datacenter-smalldisk",
            "2019-Datacenter-with-Containers",
            "2019-Datacenter-with-Containers-smalldisk"
          ]
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Compute/virtualMachines/extensions",
        "existenceCondition": {
          "allOf": [
            {
              "field": "Microsoft.Compute/virtualMachines/extensions/type",
              "equals": "IaaSAntimalware"
            },
            {
              "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
              "equals": "Microsoft.Azure.Security"
            }
          ]
        }
      }
    }
  }
}