AzInitiativeAdvertizer

last sync: 2024-Jul-26 18:18:00 UTC

[Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs

Azure BuiltIn Policy Initiative (PolicySet)

Source

Azure Portal

Display name

[Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs

281d9e47-d14d-4f05-b8eb-18f2c4a034ff

Version

3.0.0-preview
Details on versioning

Category

Trusted Launch
Microsoft Learn

Description

Configure the Trusted Launch enabled virtual machines to automatically install the Guest Attestation extension and enable system-assigned managed identity to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. For more details, please refer to the following link - https://aka.ms/trustedlaunch

Type

BuiltIn

Deprecated

False

Preview

True

Policy count

Total Policies: 7
Builtin Policies: 7
Static Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	Roles#	Roles	State
[Preview]: Configure supported Linux virtual machine scale sets to automatically install the Guest Attestation extension	57c2e3f0-98cf-4c3b-aa6b-e8f70726e74e	Security Center	Default DeployIfNotExists Allowed DeployIfNotExists, Disabled	1	Virtual Machine Contributor	Preview
[Preview]: Configure supported Linux virtual machines to automatically install the Guest Attestation extension	6074e9a3-c711-4856-976d-24d51f9e065b	Security Center	Default DeployIfNotExists Allowed DeployIfNotExists, Disabled	1	Virtual Machine Contributor	Preview
[Preview]: Configure supported Windows virtual machine scale sets to automatically install the Guest Attestation extension	c9b2ae08-09e2-4f0e-bb43-b60bf0135bdf	Security Center	Default DeployIfNotExists Allowed DeployIfNotExists, Disabled	1	Virtual Machine Contributor	Preview
[Preview]: Configure supported Windows virtual machines to automatically install the Guest Attestation extension	98ea2fc7-6fc6-4fd1-9d8d-6331154da071	Security Center	Default DeployIfNotExists Allowed DeployIfNotExists, Disabled	1	Virtual Machine Contributor	Preview
[Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs	17b3de92-f710-4cf4-aa55-0e7859f1ed7b	Monitoring	Default Modify Allowed Modify, Disabled	3	Managed Identity Contributor, Managed Identity Operator, Virtual Machine Contributor	Preview
[Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension	496e010e-fa91-4c00-be4b-92b481f67b58	Security Center	Default DeployIfNotExists Allowed DeployIfNotExists, Disabled	2	Reader, Virtual Machine Contributor	Preview
[Preview]: Configure VMSS created with Shared Image Gallery images to install the Guest Attestation extension	009259b0-12e8-42c9-94e7-7af86aa58d13	Security Center	Default DeployIfNotExists Allowed DeployIfNotExists, Disabled	2	Reader, Virtual Machine Contributor	Preview

Roles used

Total Roles usage: 11
Total Roles unique usage: 4

Role	Role Id	Policies count	Policies
Reader	acdd72a7-3385-48ef-bd42-f606fba81ae7	2	[Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension, [Preview]: Configure VMSS created with Shared Image Gallery images to install the Guest Attestation extension
Virtual Machine Contributor	9980e02c-c2be-4d73-94e8-173b1dc7cf3c	7	[Preview]: Configure supported Linux virtual machine scale sets to automatically install the Guest Attestation extension, [Preview]: Configure supported Linux virtual machines to automatically install the Guest Attestation extension, [Preview]: Configure supported Windows virtual machine scale sets to automatically install the Guest Attestation extension, [Preview]: Configure supported Windows virtual machines to automatically install the Guest Attestation extension, [Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs, [Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension, [Preview]: Configure VMSS created with Shared Image Gallery images to install the Guest Attestation extension
Managed Identity Contributor	e40ec5ca-96e0-45a2-b4ff-59039f2c2b59	1	[Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs
Managed Identity Operator	f1a07417-d97a-45cb-824c-7a7467783830	1	[Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs

History

Date/Time (UTC ymd) (i)	Changes
2021-10-29 15:48:14	add Policy [Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension (496e010e-fa91-4c00-be4b-92b481f67b58) add Policy [Preview]: Configure VMSS created with Shared Image Gallery images to install the Guest Attestation extension (009259b0-12e8-42c9-94e7-7af86aa58d13)
2021-09-10 15:51:18	add Initiative 281d9e47-d14d-4f05-b8eb-18f2c4a034ff

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC