AzPolicyAdvertizer

last sync: 2023-Jun-09 17:46:13 UTC

Azure Policy definition

[Preview]: Add user-assigned managed identity to enable Guest Configuration assignments on virtual machines

Name

[Preview]: Add user-assigned managed identity to enable Guest Configuration assignments on virtual machines
Azure Portal

f40c7c00-b4e3-4068-a315-5fe81347a904

Version

2.0.1-preview
details on versioning

Category

Guest Configuration
Microsoft docs

Description

This policy adds a user-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration. A user-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol.

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

FALSE

Effect

Default
DeployIfNotExists
Allowed
AuditIfNotExists, DeployIfNotExists, Disabled

RBAC
Role(s)

Role Name	Role Id
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c
User Access Administrator	18d7d88d-d35e-4fb5-a5c3-7773c20a72d9

Rule
Aliases

IF (6)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false
Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.linuxConfiguration	true
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.windowsConfiguration	true
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	true

Rule
ResourceTypes

IF (1)
Microsoft.Compute/virtualMachines
THEN-Deployment (5)
Microsoft.Authorization/locks
Microsoft.Compute/virtualMachines
Microsoft.ManagedIdentity/userAssignedIdentities
Microsoft.Resources/deployments
Microsoft.Resources/resourceGroups

Compliance

Not a Compliance control

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2023-02-10 18:41:56	change	Patch, suffix remains equal (2.0.0-preview > 2.0.1-preview)
2022-08-26 16:33:38	change	Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2022-06-24 19:15:47	add	f40c7c00-b4e3-4068-a315-5fe81347a904

Initiatives
usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: Deploy prerequisites to enable Guest Configuration policies on virtual machines using user-assigned managed identity	2b0ce52e-301c-4221-ab38-1601e2b4cee3	Guest Configuration	Preview	BuiltIn
Configure secure communication protocols(TLS 1.1 or TLS 1.2) on Windows machine(including prerequisites)	ee6f9c39-ca6c-4937-b5b7-f6d9775a6f17	Guest Configuration	GA	BuiltIn

JSON