last sync: 2025-Mar-14 18:30:04 UTC

Enforce Azure Compute Security Benchmark compliance auditing

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Enforce-ACSB
Display nameEnforce Azure Compute Security Benchmark compliance auditing
IdEnforce-ACSB
Version1.1.0
Details on versioning
CategoryGuest Configuration
DescriptionEnforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.
Cloud environments AzureCloud
TypeCustom Azure Landing Zones (ALZ)
DeprecatedFalse
PreviewFalse
Policy count Total Policies: 5
Builtin Policies: 5
Static Policies: 0
ALZ Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State Type policy in AzUSGov
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration Fixed
modify
1 Contributor GA BuiltIn true
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration Fixed
deployIfNotExists
1 Contributor GA BuiltIn true
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration Fixed
deployIfNotExists
1 Contributor GA BuiltIn true
Linux machines should meet requirements for the Azure compute security baseline fc9b3da7-8347-4380-8e70-0a0361d8dedd Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA BuiltIn true
Windows machines should meet requirements of the Azure compute security baseline 72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA BuiltIn true
Roles used
History none
JSON compare n/a
JSON
EPAC