AzPolicyAdvertizer

last sync: 2023-Jun-09 17:46:13 UTC

Azure Policy definition

[Preview]: Configure supported virtual machines to automatically enable vTPM

Name

[Preview]: Configure supported virtual machines to automatically enable vTPM
Azure Portal

e494853f-93c3-4e44-9210-d12f61a64b34

Version

2.0.0-preview
details on versioning

Category

Security Center
Microsoft docs

Description

Configure supported virtual machines to automatically enable vTPM to facilitate Measured Boot and other OS security features that require a TPM. Once enabled, vTPM can be used to attest boot integrity.

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

FALSE

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC
Role(s)

Role Name	Role Id
Virtual Machine Contributor	9980e02c-c2be-4d73-94e8-173b1dc7cf3c

Rule
Aliases

IF (3)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/virtualMachines/securityProfile.securityType	Microsoft.Compute	virtualMachines	properties.securityProfile.securityType	false
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings	Microsoft.Compute	virtualMachines	properties.securityProfile.uefiSettings	false
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.vTpmEnabled	Microsoft.Compute	virtualMachines	properties.securityProfile.uefiSettings.vTpmEnabled	false

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.vTpmEnabled	Microsoft.Compute	virtualMachines	properties.securityProfile.uefiSettings.vTpmEnabled	false

Rule
ResourceTypes

IF (1)
Microsoft.Compute/virtualMachines
THEN-Deployment (1)
Microsoft.Compute/virtualMachines

Compliance

Not a Compliance control

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-11-12 16:23:07	change	Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-06-08 15:17:13	add	e494853f-93c3-4e44-9210-d12f61a64b34

Initiatives
usage

none

JSON