last sync: 2024-Nov-04 18:56:26 UTC

Local authentication methods should be disabled on Linux machines

Azure BuiltIn Policy definition

Source Azure Portal
Display name Local authentication methods should be disabled on Linux machines
Id fad40cac-a972-4db0-b204-f1b15cced89a
Version 1.2.0-preview
Details on versioning
Versioning Versions supported for Versioning: 2
1.1.0-preview
1.2.0-preview
Built-in Versioning [Preview]
Category Guest Configuration
Microsoft Learn
Description Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux servers don't have local authentication methods disabled. This is to validate that Linux Servers can only be accessed by AAD (Azure Active Directory) account or a list of explicitly allowed users by this policy, improving overall security posture.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Guest Configuration Resource Contributor 088ab73d-1256-47ae-bea9-9de8e7131f31
Rule aliases IF (7)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/imageOffer Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.offer
properties.virtualMachineProfile.storageProfile.imageReference.offer
properties.creationData.imageReference.id
True
True
True


False
False
False
Microsoft.Compute/imagePublisher Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.publisher
properties.virtualMachineProfile.storageProfile.imageReference.publisher
properties.creationData.imageReference.id
True
True
True


False
False
False
Microsoft.Compute/imageSKU Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.sku
properties.virtualMachineProfile.storageProfile.imageReference.sku
properties.creationData.imageReference.id
True
True
True


False
False
False
Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration Microsoft.Compute virtualMachines properties.osProfile.linuxConfiguration True True
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType Microsoft.Compute virtualMachines properties.storageProfile.osDisk.osType True True
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType Microsoft.ConnectedVMwarevSphere virtualmachines properties.osProfile.osType True False
Microsoft.HybridCompute/imageOffer Microsoft.HybridCompute machines properties.osName True False
THEN-ExistenceCondition (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus Microsoft.GuestConfiguration guestConfigurationAssignments properties.complianceStatus True False
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash Microsoft.GuestConfiguration guestConfigurationAssignments properties.parameterHash True False
Rule resource types IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-01-22 17:47:54 change Minor, suffix remains equal (1.1.0-preview > 1.2.0-preview)
2023-08-03 17:56:09 change Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview)
2022-12-21 17:43:51 add fad40cac-a972-4db0-b204-f1b15cced89a
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC