last sync: 2024-Apr-24 17:47:19 UTC

[Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs
Id: 281d9e47-d14d-4f05-b8eb-18f2c4a034ff
Version: 3.0.0-preview
Category: Trusted Launch
Description: Configure the Trusted Launch enabled virtual machines to automatically install the Guest Attestation extension and enable system-assigned managed identity to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. For more details, please refer to the following link - https://aka.ms/trustedlaunch
Type: BuiltIn
Deprecated: False
Preview: True
Policy count
Total Policies: 7
Builtin Policies: 7
Static Policies: 0
Policy used
| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State |
|---|---|---|---|---|---|---|
| [Preview]: Configure supported Linux virtual machine scale sets to automatically install the Guest Attestation extension | 57c2e3f0-98cf-4c3b-aa6b-e8f70726e74e | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Virtual Machine Contributor | Preview |
| [Preview]: Configure supported Linux virtual machines to automatically install the Guest Attestation extension | 6074e9a3-c711-4856-976d-24d51f9e065b | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Virtual Machine Contributor | Preview |
| [Preview]: Configure supported Windows virtual machine scale sets to automatically install the Guest Attestation extension | c9b2ae08-09e2-4f0e-bb43-b60bf0135bdf | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Virtual Machine Contributor | Preview |
| [Preview]: Configure supported Windows virtual machines to automatically install the Guest Attestation extension | 98ea2fc7-6fc6-4fd1-9d8d-6331154da071 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Virtual Machine Contributor | Preview |
| [Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs | 17b3de92-f710-4cf4-aa55-0e7859f1ed7b | Monitoring | Default: Modify; Allowed: Modify, Disabled | 3 | Managed Identity Contributor, Managed Identity Operator, Virtual Machine Contributor | Preview |
| [Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension | 496e010e-fa91-4c00-be4b-92b481f67b58 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 2 | Reader, Virtual Machine Contributor | Preview |
| [Preview]: Configure VMSS created with Shared Image Gallery images to install the Guest Attestation extension | 009259b0-12e8-42c9-94e7-7af86aa58d13 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 2 | Reader, Virtual Machine Contributor | Preview |
Roles used
Total Roles usage: 11
Total Roles unique usage: 4
| Role | Role Id | Policies count | Policies |
|---|---|---|---|
| Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | 2 | [Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension, [Preview]: Configure VMSS created with Shared Image Gallery images to install the Guest Attestation extension |
| Virtual Machine Contributor | 9980e02c-c2be-4d73-94e8-173b1dc7cf3c | 7 | [Preview]: Configure supported Linux virtual machine scale sets to automatically install the Guest Attestation extension, [Preview]: Configure supported Linux virtual machines to automatically install the Guest Attestation extension, [Preview]: Configure supported Windows virtual machine scale sets to automatically install the Guest Attestation extension, [Preview]: Configure supported Windows virtual machines to automatically install the Guest Attestation extension, [Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs, [Preview]: Configure VMs created with Shared Image Gallery images to install the Guest Attestation extension, [Preview]: Configure VMSS created with Shared Image Gallery images to install the Guest Attestation extension |
| Managed Identity Operator | f1a07417-d97a-45cb-824c-7a7467783830 | 1 | [Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs |
| Managed Identity Contributor | e40ec5ca-96e0-45a2-b4ff-59039f2c2b59 | 1 | [Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs |