| Policy DisplayName |
Policy Id |
Category |
Version |
Versioning |
Effect |
Roles# |
Roles |
State |
policy in AzUSGov |
| Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities |
3cf2ab00-13f1-4d0c-8971-2ac904541a7e |
Guest Configuration |
4.1.0 |
2x
4.1.0, 4.0.0 |
Fixed
modify |
1 |
Contributor |
GA |
true |
| Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity |
497dff13-db2a-4c0f-8603-28fa3b331ab6 |
Guest Configuration |
4.1.0 |
2x
4.1.0, 4.0.0 |
Fixed
modify |
1 |
Contributor |
GA |
true |
| Configure ChangeTracking Extension for Linux Arc machines |
10caed8a-652c-4d1d-84e4-2805b7c07278 |
Security Center |
2.1.0 |
2x
2.1.0, 2.0.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
1 |
Azure Connected Machine Resource Administrator |
GA |
unknown |
| Configure ChangeTracking Extension for Linux virtual machines |
ec88097d-843f-4a92-8471-78016d337ba4 |
Security Center |
2.1.0 |
2x
2.1.0, 2.0.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
1 |
Virtual Machine Contributor |
GA |
unknown |
| Configure ChangeTracking Extension for Windows Arc machines |
4bb303db-d051-4099-95d2-e3e1428a4cd5 |
Security Center |
2.1.0 |
2x
2.1.0, 2.0.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
1 |
Azure Connected Machine Resource Administrator |
GA |
unknown |
| Configure ChangeTracking Extension for Windows virtual machines |
f08f556c-12ff-464d-a7de-40cb5b6cccec |
Security Center |
2.1.0 |
2x
2.1.0, 2.0.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
1 |
Virtual Machine Contributor |
GA |
unknown |
| Configure Linux Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory |
09a1f130-7697-42bc-8d84-8a9ea17e5192 |
ChangeTrackingAndInventory |
1.1.0 |
2x
1.1.0, 1.0.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
2 |
Log Analytics Contributor, Monitoring Contributor |
GA |
unknown |
| Configure Linux Arc-enabled machines to to install AMA for ChangeTracking and Inventory |
09a1f130-7697-42bc-8d84-8a9ea17e5187 |
ChangeTrackingAndInventory |
1.4.0 |
3x
1.4.0, 1.3.0-preview, 1.2.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
1 |
Azure Connected Machine Resource Administrator |
GA |
unknown |
| Configure Linux Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory |
bef2d677-e829-492d-9a3d-f5a20fda818f |
ChangeTrackingAndInventory |
1.1.0 |
2x
1.1.0, 1.0.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
2 |
Log Analytics Contributor, Monitoring Contributor |
GA |
unknown |
| Configure Linux VMs to install AMA for ChangeTracking and Inventory with user-assigned managed identity |
56d0ed2b-60fc-44bf-af81-a78c851b5fe1 |
ChangeTrackingAndInventory |
1.6.0 |
4x
1.6.0, 1.5.0-preview, 1.4.0-preview, 1.3.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
1 |
Virtual Machine Contributor |
GA |
unknown |
| Configure periodic checking for missing system updates on azure Arc-enabled servers |
bfea026e-043f-4ff4-9d1b-bf301ca7ff46 |
Azure Update Manager |
2.3.0 |
2x
2.3.0, 2.2.1 |
Fixed
modify |
1 |
Azure Connected Machine Resource Administrator |
GA |
unknown |
| Configure periodic checking for missing system updates on azure virtual machines |
59efceea-0c96-497e-a4a1-4eb2290dac15 |
Azure Update Manager |
4.9.0 |
6x
4.9.0, 4.8.0, 4.7.0, 4.6.0, 4.5.0, 4.4.1 |
Fixed
modify |
1 |
Contributor |
GA |
unknown |
| Configure Windows Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory |
ef9fe2ce-a588-4edd-829c-6247069dcfdb |
ChangeTrackingAndInventory |
1.1.0 |
2x
1.1.0, 1.0.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
2 |
Log Analytics Contributor, Monitoring Contributor |
GA |
unknown |
| Configure Windows Arc-enabled machines to install AMA for ChangeTracking and Inventory |
a7acfae7-9497-4a3f-a3b5-a16a50abbe2f |
ChangeTrackingAndInventory |
1.1.0 |
2x
1.1.0, 1.0.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
1 |
Azure Connected Machine Resource Administrator |
GA |
unknown |
| Configure Windows Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory |
b6faa975-0add-4f35-8d1c-70bba45c4424 |
ChangeTrackingAndInventory |
1.1.0 |
2x
1.1.0, 1.0.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
2 |
Log Analytics Contributor, Monitoring Contributor |
GA |
unknown |
| Configure Windows VMs to install AMA for ChangeTracking and Inventory with user-assigned managed identity |
ad1eeff9-20d7-4c82-a04e-903acab0bfc1 |
ChangeTrackingAndInventory |
1.2.0 |
3x
1.2.0, 1.1.0-preview, 1.0.0-preview |
Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled |
1 |
Virtual Machine Contributor |
GA |
unknown |
| Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs |
331e8ea8-378a-410f-a2e5-ae22f38bb0da |
Guest Configuration |
3.2.0 |
3x
3.2.0, 3.1.0, 3.0.0 |
Fixed
deployIfNotExists |
1 |
Contributor |
GA |
true |
| Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs |
385f5831-96d4-41db-9a3c-cd3af78aaae6 |
Guest Configuration |
1.3.0 |
2x
1.3.0, 1.2.0 |
Fixed
deployIfNotExists |
1 |
Contributor |
GA |
true |
| Linux machines should meet requirements for the Azure compute security baseline |
fc9b3da7-8347-4380-8e70-0a0361d8dedd |
Guest Configuration |
2.2.0 |
2x
2.2.0, 2.1.0 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
true |
| Windows machines should meet requirements of the Azure compute security baseline |
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc |
Guest Configuration |
2.0.0 |
1x
2.0.0 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
true |