AzPolicyAdvertizer

last sync: 2022-Jun-28 16:32:57 UTC

Azure Policy definition

[Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets

Name

[Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets
Azure Portal

f655e522-adff-494d-95c2-52d4f6d56a42

Version

2.0.0-preview
details on versioning

Category

Security Center
Microsoft docs

Description

Install Guest Attestation extension on supported virtual machines scale sets to allow Azure Security Center to proactively attest and monitor the boot integrity. Once installed, boot integrity will be attested via Remote Attestation. This assessment only applies to trusted launch enabled virtual machine scale sets.

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

FALSE

Effect

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Used RBAC Role

none

Rule Aliases

IF (5)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.securityType	Microsoft.Compute	virtualMachineScaleSets	properties.virtualMachineProfile.securityProfile.securityType	false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings	Microsoft.Compute	virtualMachineScaleSets	properties.virtualMachineProfile.securityProfile.uefiSettings	false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings.secureBootEnabled	Microsoft.Compute	virtualMachineScaleSets	properties.virtualMachineProfile.securityProfile.uefiSettings.secureBootEnabled	false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.uefiSettings.vTpmEnabled	Microsoft.Compute	virtualMachineScaleSets	properties.virtualMachineProfile.securityProfile.uefiSettings.vTpmEnabled	false
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.imageReference.offer	Microsoft.Compute	virtualMachineScaleSets	properties.virtualMachineProfile.storageProfile.imageReference.offer	true

THEN-ExistenceCondition (3)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState	Microsoft.Compute	virtualMachineScaleSets/extensions	properties.provisioningState	false
Microsoft.Compute/virtualMachineScaleSets/extensions/publisher	Microsoft.Compute	virtualMachineScaleSets/extensions	properties.publisher	false
Microsoft.Compute/virtualMachineScaleSets/extensions/type	Microsoft.Compute	virtualMachineScaleSets/extensions	properties.type	false

Rule ResourceTypes

IF (1)
Microsoft.Compute/virtualMachineScaleSets

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-11-12 16:23:07	change	Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-05-04 14:34:06	add	f655e522-adff-494d-95c2-52d4f6d56a42

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
Azure Security Benchmark	1f3afdf9-d0c9-4c3d-847f-89da613e70a8	Security Center	GA	BuiltIn

JSON Changes

Visual JSON JSON (Annotated)

Show unchanged values

JSON

AzPolicyAdvertizer

Azure Policy definition

[Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets

JSON Left

JSON Right