AzPolicyAdvertizer

last sync: 2023-Nov-02 19:38:52 UTC

Community Policy definition

Deploy Windows VM Application

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Display name Deploy Windows VM Application
Id community_b83d392d-3a11-41ac-bf39-c6ee381b9255
Version 1.0.0
Details on versioning
Category Compute
Microsoft Learn
Description This policy will deploy a vm application to Windows virtual machines. You will need to assign the managed identity the reader role to the Azure Compute Gallery where the application resides. Users or service principles deploying virtual machines will also need the reader role assigned to the Azure Compute Gallery for the policy to take effect during new virtual machine deployments
Mode Indexed
Type Custom Community
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
Used RBAC Role
Role Name Role Id
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Rule aliases IF (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType Microsoft.Compute virtualMachines properties.storageProfile.osDisk.osType true
THEN-ExistenceCondition (2)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Compute/virtualMachines/applicationProfile.galleryApplications[*] Microsoft.Compute virtualMachines properties.applicationProfile.galleryApplications[*] false
Microsoft.Compute/virtualMachines/applicationProfile.galleryApplications[*].packageReferenceId Microsoft.Compute virtualMachines properties.applicationProfile.galleryApplications[*].packageReferenceId false
Rule resource types IF (1)
Microsoft.Compute/virtualMachines
THEN-Deployment (1)
Microsoft.Compute/virtualMachines/VMapplications
JSON
EPAC