last sync: 2020-Jul-03 15:47:34 UTC

Azure Policy

Microsoft IaaSAntimalware extension should be deployed on Windows servers

Policy DisplayName Microsoft IaaSAntimalware extension should be deployed on Windows servers
Policy Id 9b597639-28e4-48eb-b506-56b05d366257
Policy Category Compute
Policy Description This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists,Disabled)
Roles used none
Policy Changes no changes
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
[Preview]: NIST SP 800-171 R2 03055927-78bd-4236-86c0-f36125a10dc9
[Preview]: Australian Government ISM PROTECTED 27272c0b-c225-4cc3-b8b0-f2534b093077
[Deprecated]: DOD Impact Level 4 8d792a84-723c-4d92-a3c3-e4ed16a2d133
Policy Rule
{
  "properties": {
    "displayName": "Microsoft IaaSAntimalware extension should be deployed on Windows servers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed.",
    "metadata": {
      "version": "1.0.0",
      "category": "Compute"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "field": "Microsoft.Compute/imagePublisher",
            "equals": "MicrosoftWindowsServer"
          },
          {
            "field": "Microsoft.Compute/imageOffer",
            "equals": "WindowsServer"
          },
          {
            "field": "Microsoft.Compute/imageSKU",
            "in": [
              "2008-R2-SP1",
              "2008-R2-SP1-smalldisk",
              "2012-Datacenter",
              "2012-Datacenter-smalldisk",
              "2012-R2-Datacenter",
              "2012-R2-Datacenter-smalldisk",
              "2016-Datacenter",
              "2016-Datacenter-Server-Core",
              "2016-Datacenter-Server-Core-smalldisk",
              "2016-Datacenter-smalldisk",
              "2016-Datacenter-with-Containers",
              "2016-Datacenter-with-RDSH",
              "2019-Datacenter",
              "2019-Datacenter-Core",
              "2019-Datacenter-Core-smalldisk",
              "2019-Datacenter-Core-with-Containers",
              "2019-Datacenter-Core-with-Containers-smalldisk",
              "2019-Datacenter-smalldisk",
              "2019-Datacenter-with-Containers",
              "2019-Datacenter-with-Containers-smalldisk"
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Compute/virtualMachines/extensions",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/type",
                "equals": "IaaSAntimalware"
              },
              {
                "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
                "equals": "Microsoft.Azure.Security"
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "9b597639-28e4-48eb-b506-56b05d366257"
}