last sync: 2021-Aug-04 14:59:26 UTC

Azure Policy definition

[Preview]: Virtual machines guest attestation status should be healthy

Name [Preview]: Virtual machines guest attestation status should be healthy
Id f6358610-e532-4236-b178-4c65865eb262
Version 1.0.0-preview
Category Security Center
Description Guest attestation is performed by sending a trusted log (TCGLog) from the VM to an attestation server. The server uses these measurements to determine whether the boot components are trustworthy. This assessment is intended to detect compromises of the boot chain that might result from a bootkit or rootkit infection. The assessment applies only to Trusted Launch enabled virtual machines that have the Guest Attestation extension installed. Practitioner caveats (from the policy rule below): the rule is scoped to the attestation extension resource itself (publisher Microsoft.Azure.Security.WindowsAttestation or Microsoft.Azure.Security.LinuxAttestation), so a Trusted Launch VM without the extension is never evaluated and will not show up as non-compliant — pair this policy with one that requires the extension to be installed if that gap matters. The existence condition also treats an assessment status of NotApplicable, not just Healthy, as compliant.
Mode All
Type BuiltIn
Preview True
Deprecated FALSE
Effect Default: AuditIfNotExists (audit-only: VMs whose attestation assessment is not Healthy are reported as non-compliant; nothing is blocked or remediated)
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) Change type Change detail
2021-05-26 13:43:16 add f6358610-e532-4236-b178-4c65865eb262
Used in Initiatives none
JSON
{
  "properties": {
  "displayName": "[Preview]: Virtual machines guest attestation status should be healthy",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Guest attestation is performed by sending a trusted log (TCGLog) to an attestation server. The server uses these logs to determine whether boot components are trustworthy. This assessment is intended to detect compromises of the boot chain which might be the result of a bootkit or rootkit infection. This assessment only applies to Trusted Launch enabled virtual machines that have Guest Attestation extension installed.",
    "metadata": {
      "category": "Security Center",
      "version": "1.0.0-preview",
      "preview": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines/extensions"
          },
          {
            "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
            "in": [
              "Microsoft.Azure.Security.WindowsAttestation",
              "Microsoft.Azure.Security.LinuxAttestation"
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/assessments",
          "name": "b7604066-ed76-45f9-a5c1-c97e4812dc55",
          "existenceCondition": {
            "field": "Microsoft.Security/assessments/status.code",
            "in": [
              "NotApplicable",
              "Healthy"
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/f6358610-e532-4236-b178-4c65865eb262",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "f6358610-e532-4236-b178-4c65865eb262"
}