AzInitiativeAdvertizer

last sync: 2024-Jul-26 18:18:00 UTC

Enforce Azure Compute Security Benchmark compliance auditing

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Enforce-ACSB
Display nameEnforce Azure Compute Security Benchmark compliance auditing
IdEnforce-ACSB
Version1.0.0
Details on versioning
CategoryGuest Configuration
DescriptionEnforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.
TypeCustom Azure Landing Zones (ALZ)
DeprecatedFalse
PreviewFalse
Policy count Total Policies: 5
Builtin Policies: 5
Static Policies: 0
ALZ Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State Type
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration Fixed
modify		 1 Contributor GA BuiltIn
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration Fixed
deployIfNotExists		 1 Contributor GA BuiltIn
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration Fixed
deployIfNotExists		 1 Contributor GA BuiltIn
Linux machines should meet requirements for the Azure compute security baseline fc9b3da7-8347-4380-8e70-0a0361d8dedd Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA BuiltIn
Windows machines should meet requirements of the Azure compute security baseline 72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA BuiltIn
Roles used
History none
JSON compare n/a
JSON
EPAC