AzPolicyAdvertizer

last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images

Name

Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images
Azure Portal

e2dd799a-a932-4e9d-ac17-d473bc3c6c10

Version

2.0.0
details on versioning

Category

Monitoring
Microsoft docs

Description

Reports virtual machine scale sets as non-compliant if the virtual machine image is not in the list defined and the agent is not installed. The list of OS images is updated over time as support is updated.

Mode

Indexed

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

RBAC
Role(s)

none

Rule
Aliases

IF (4)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageId	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.id properties.virtualMachineProfile.storageProfile.imageReference.id properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/virtualMachineScaleSets/extensions/publisher	Microsoft.Compute	virtualMachineScaleSets/extensions	properties.publisher	false

Rule
ResourceTypes

IF (1)
Microsoft.Compute/virtualMachineScaleSets

Compliance

The following 3 compliance controls are associated with this Policy definition 'Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images' (e2dd799a-a932-4e9d-ac17-d473bc3c6c10)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
ISO27001-2013	A.12.4.1	ISO27001-2013_A.12.4.1	ISO 27001:2013 A.12.4.1	Operations Security	Event Logging	Shared	n/a	Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed.	link	53
ISO27001-2013	A.12.4.3	ISO27001-2013_A.12.4.3	ISO 27001:2013 A.12.4.3	Operations Security	Administrator and operator logs	Shared	n/a	System administrator and system operator activities shall be logged and the logs protected and regularly reviewed.	link	29
ISO27001-2013	A.12.4.4	ISO27001-2013_A.12.4.4	ISO 27001:2013 A.12.4.4	Operations Security	Clock Synchronization	Shared	n/a	The clocks of all relevant information processing systems within an organization or security domain shall be synchronized to a single reference time source.	link	8

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-03-02 15:11:40	change	Major (1.0.1 > 2.0.0)
2020-04-22 04:43:16	change	Previous DisplayName: [Preview]: Audit Dependency Agent Deployment in Virtual Machine Scale Sets - VM Image (OS) unlisted
2020-02-29 21:43:10	change	Previous DisplayName: [Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted

Initiatives
usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: SWIFT CSP-CSCF v2020	3e0c67fc-8c7c-406c-89bd-6b6bdc986a22	Regulatory Compliance	Preview	BuiltIn
ISO 27001:2013	89c6cddc-1c73-4ac1-b19c-54d1a15a42f2	Regulatory Compliance	GA	BuiltIn
Legacy - Enable Azure Monitor for Virtual Machine Scale Sets	75714362-cae7-409e-9b99-a8e5075b7fad	Monitoring	GA	BuiltIn

JSON