AzPolicyAdvertizer

last sync: 2023-Jun-07 17:44:43 UTC

Azure Policy definition

[Preview]: Virtual machines guest attestation status should be healthy

Name

[Preview]: Virtual machines guest attestation status should be healthy
Azure Portal

f6358610-e532-4236-b178-4c65865eb262

Version

1.0.0-preview
details on versioning

Category

Security Center
Microsoft docs

Description

Guest attestation is performed by sending a trusted log (TCGLog) to an attestation server. The server uses these logs to determine whether boot components are trustworthy. This assessment is intended to detect compromises of the boot chain which might be the result of a bootkit or rootkit infection. This assessment only applies to Trusted Launch enabled virtual machines that have Guest Attestation extension installed.

Mode

All

Type

BuiltIn

Preview

True

Deprecated

FALSE

Effect

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

RBAC
Role(s)

none

Rule
Aliases

IF (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/virtualMachines/extensions/publisher	Microsoft.Compute	virtualMachines/extensions	properties.publisher	false

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Security/assessments/status.code	Microsoft.Security	assessments	properties.status.code	false

Rule
ResourceTypes

IF (1)
Microsoft.Compute/virtualMachines/extensions

Compliance

Not a Compliance control

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-05-26 13:43:16	add	f6358610-e532-4236-b178-4c65865eb262

Initiatives
usage

none

JSON