last sync: 2022-Nov-25 17:41:58 UTC

Azure Policy definition

[Preview]: Machines should be configured to periodically check for missing system updates

Name [Preview]: Machines should be configured to periodically check for missing system updates
Azure Portal
Id bd876905-5b84-4f73-ab2d-2e7a7c4568d9
Version 2.0.0-preview
details on versioning
Category Update Management Center
Microsoft docs
Description To ensure periodic assessments for missing system updates are triggered automatically every 24 hours, the AssessmentMode property should be set to 'AutomaticByPlatform'. Learn more about AssessmentMode property for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.
Mode Indexed
Type BuiltIn
Preview True
Deprecated FALSE
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC
Role(s)
none
Rule
Aliases
IF (3)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Compute/imageOffer Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.offer
properties.virtualMachineProfile.storageProfile.imageReference.offer
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/imagePublisher Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.publisher
properties.virtualMachineProfile.storageProfile.imageReference.publisher
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/imageSKU Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.sku
properties.virtualMachineProfile.storageProfile.imageReference.sku
properties.creationData.imageReference.id
false
false
false
Rule
ResourceTypes
IF (2)
Microsoft.Compute/virtualMachines
Microsoft.HybridCompute/machines
Compliance The following 1 compliance controls are associated with this Policy definition '[Preview]: Machines should be configured to periodically check for missing system updates' (bd876905-5b84-4f73-ab2d-2e7a7c4568d9)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Azure Security Benchmark PV-6 Posture and Vulnerability Management Rapidly and automatically remediate vulnerabilities Shared **Security Principle:** Rapidly and automatically deploy patches and updates to remediate vulnerabilities in your cloud resources. Use the appropriate risk-based approach to prioritize the remediation of the vulnerabilities. For example, more severe vulnerabilities in a higher value asset should be addressed as a higher priority. **Azure Guidance:** Use Azure Automation Update Management or a third-party solution to ensure that the most recent security updates are installed on your Windows and Linux VMs. For Windows VMs, ensure Windows Update has been enabled and set to update automatically. For third-party software, use a third-party patch management solution or System Center Updates Publisher for Configuration Manager. Prioritize which updates to deploy first using a common risk scoring program (such as Common Vulnerability Scoring System) or the default risk ratings provided by your third-party scanning tool and tailor to your environment. You should also consider which applications present a high security risk and which ones require high uptime. **Implementation and additional context:** How to configure Update Management for virtual machines in Azure: https://docs.microsoft.com/azure/automation/update-management/overview Manage updates and patches for your Azure VMs: https://docs.microsoft.com/azure/automation/update-management/manage-updates-for-vm n/a link 16
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-10-21 16:42:13 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-10-08 15:47:40 add bd876905-5b84-4f73-ab2d-2e7a7c4568d9
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
Azure Security Benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn
JSON
changes

JSON