AzPolicyAdvertizer

last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

Only approved VM extensions should be installed

Name Only approved VM extensions should be installed
Azure Portal
Id c0e996f8-39cf-4af9-9f45-83fbde810432
Version 1.0.0
details on versioning
Category Compute
Microsoft docs
Description This policy governs the virtual machine extensions that are not approved.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History none
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA
JSON 
{
  "displayName": "Only approved VM extensions should be installed",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "This policy governs the virtual machine extensions that are not approved.",
  "metadata": {
    "version": "1.0.0",
    "category": "Compute"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "The effect determines what happens when the policy rule is evaluated to match"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "approvedExtensions": {
      "type": "Array",
      "metadata": {
        "description": "The list of approved extension types that can be installed. Example: AzureDiskEncryption",
        "displayName": "Approved extensions"
      }
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines/extensions"
        },
        {
          "field": "Microsoft.Compute/virtualMachines/extensions/type",
          "notIn": "[parameters('approvedExtensions')]"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]"
    }
  }
}