AzInitiativeAdvertizer

last sync: 2021-Jul-08 14:19:52 UTC

Azure Policy Initiative

[Preview]: Deploy - Configure prerequisites to enable Azure Monitor and Azure Security agents on virtual machines

Name [Preview]: Deploy - Configure prerequisites to enable Azure Monitor and Azure Security agents on virtual machines
Azure Portal

Id a15f3269-2e10-458c-87a4-d5989e678a73

Version 2.0.0-preview
details on versioning

Category Monitoring
Microsoft docs

Description Configure machines to automatically install the Azure Monitor and Azure Security agents. Security Center collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and Log Analytics workspace in the same region as the machine to store audit records. This policy only applies to VMs in a few regions.

Type BuiltIn

Deprecated False

Preview True

History

Date/Time (UTC ymd) (i)	Changes
2021-06-22 14:29:04	add Policy [Preview]: Configure machines to automatically create the Azure Security Center pipeline for Azure Monitor Agent (8b5ad9ab-3d44-4a6e-9ac3-75b04ea5fd28)
2021-01-22 09:14:56	add Initiative a15f3269-2e10-458c-87a4-d5989e678a73

Policy count Total Policies: 6
Builtin Policies: 6
Static Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	State
[ASC Private Preview] Configure system-assigned managed identity to enable Azure Monitor assignments on VMs	17b3de92-f710-4cf4-aa55-0e7859f1ed7b	Monitoring	Default: Modify Allowed: (Modify, Disabled)	Preview
[Preview]: Configure machines to automatically create the Azure Security Center pipeline for Azure Monitor Agent	8b5ad9ab-3d44-4a6e-9ac3-75b04ea5fd28	Security Center	Default: DeployIfNotExists Allowed: (DeployIfNotExists, Disabled)	Preview
[Preview]: Configure supported Linux virtual machines to automatically install the Azure Security agent	5f8eb305-9c9f-4abe-9bb0-df220d9faba2	Security Center	Default: DeployIfNotExists Allowed: (DeployIfNotExists, Disabled)	Preview
[Preview]: Deploy - Configure Windows machines to automatically install the Azure Security agent	1537496a-b1e8-482b-a06a-1cc2415cdc7b	Security Center	Default: DeployIfNotExists Allowed: (DeployIfNotExists, Disabled)	Preview
Configure Linux virtual machines with Azure Monitor Agent	a4034bc6-ae50-406d-bf76-50f4ee5a7811	Monitoring	Default: DeployIfNotExists Allowed: (DeployIfNotExists, Disabled)	GA
Configure Windows virtual machines with Azure Monitor Agent	ca817e41-e85a-4783-bc7f-dc532d36235e	Monitoring	Default: DeployIfNotExists Allowed: (DeployIfNotExists, Disabled)	GA

JSON

{
  "properties": {
  "displayName": "[Preview]: Deploy - Configure prerequisites to enable Azure Monitor and Azure Security agents on virtual machines",
    "policyType": "BuiltIn",
    "description": "Configure machines to automatically install the Azure Monitor and Azure Security agents. Security Center collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and Log Analytics workspace in the same region as the machine to store audit records. This policy only applies to VMs in a few regions.",
    "metadata": {
      "category": "Monitoring",
      "version": "2.0.0-preview",
      "preview": true
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "Prerequisite_AddSystemIdentity",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17b3de92-f710-4cf4-aa55-0e7859f1ed7b"
      },
      {
        "policyDefinitionReferenceId": "Prerequisite_DeployExtensionLinux",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4034bc6-ae50-406d-bf76-50f4ee5a7811"
      },
      {
        "policyDefinitionReferenceId": "Prerequisite_DeployExtensionWindows",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ca817e41-e85a-4783-bc7f-dc532d36235e"
      },
      {
        "policyDefinitionReferenceId": "ASC_DeployAzureSecurityLinuxAgent",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5f8eb305-9c9f-4abe-9bb0-df220d9faba2"
      },
      {
        "policyDefinitionReferenceId": "ASC_DeployAzureSecurityWindowsAgent",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1537496a-b1e8-482b-a06a-1cc2415cdc7b"
      },
      {
        "policyDefinitionReferenceId": "ASC_AMA_DefaultPipeline_Deploy",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8b5ad9ab-3d44-4a6e-9ac3-75b04ea5fd28"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/a15f3269-2e10-458c-87a4-d5989e678a73",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "a15f3269-2e10-458c-87a4-d5989e678a73"
}