AzPolicyAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

Virtual Machine should have TrustedLaunch enabled

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Virtual Machine should have TrustedLaunch enabled

c95b54ad-0614-4633-ab29-104b01235cbf

Version

1.0.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]

Category

Trusted Launch
Microsoft Learn

Description

Enable TrustedLaunch on Virtual Machine for enhanced security, use VM SKU (Gen 2) that supports TrustedLaunch. To learn more about TrustedLaunch, visit https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch

Cloud environments

AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown

Available in AzUSGov

Unknown, no evidence if Policy definition is/not available in AzureUSGovernment

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Disabled

RBAC role(s)

none

Rule aliases

IF (4)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Compute/virtualMachines/securityProfile	Microsoft.Compute	virtualMachines	properties.securityProfile	True	True
Microsoft.Compute/virtualMachines/securityProfile.securityType	Microsoft.Compute	virtualMachines	properties.securityProfile.securityType	True	False
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.secureBootEnabled	Microsoft.Compute	virtualMachines	properties.securityProfile.uefiSettings.secureBootEnabled	True	False
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.vTpmEnabled	Microsoft.Compute	virtualMachines	properties.securityProfile.uefiSettings.vTpmEnabled	True	False

Rule resource types

IF (1)

Microsoft.Compute/virtualMachines

Compliance

The following 1 compliance controls are associated with this Policy definition 'Virtual Machine should have TrustedLaunch enabled' (c95b54ad-0614-4633-ab29-104b01235cbf)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
SO	.5 - Trusted Launch	SO.5 - Trusted Launch	404 not found				n/a	n/a		2

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
Audit virtual machines for Trusted Launch support	Audit-TrustedLaunch	Trusted Launch	GA	ALZ
Sovereignty Baseline - Global Policies	c1cbff38-87c0-4b9f-9f70-035c7a3b5523	Regulatory Compliance	GA	BuiltIn	unknown

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-03-11 18:31:50	add	c95b54ad-0614-4633-ab29-104b01235cbf

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC