AzInitiativeAdvertizer

last sync: 2021-May-17 14:22:47 UTC

Azure Policy Initiative

[Preview]: Deploy - Configure prerequisites to enable Azure Monitor and Azure Security agents on virtual machines

Name[Preview]: Deploy - Configure prerequisites to enable Azure Monitor and Azure Security agents on virtual machines
Azure Portal
Ida15f3269-2e10-458c-87a4-d5989e678a73
Version1.0.0-preview
details on versioning
CategoryMonitoring
Microsoft docs
DescriptionConfigure machines to automatically install the Azure Monitor and Azure Security agents. Security Center collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and Log Analytics workspace in the same region as the machine to store audit records. This policy only applies to VMs in a few regions.
TypeBuiltIn
DeprecatedFalse
PreviewTrue
History
Date/Time (UTC ymd) (i) Changes
2021-01-22 09:14:56 add Initiative a15f3269-2e10-458c-87a4-d5989e678a73
Policy count Total Policies: 5
Builtin Policies: 5
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect State
[ASC Private Preview] Configure system-assigned managed identity to enable Azure Monitor assignments on VMs 17b3de92-f710-4cf4-aa55-0e7859f1ed7b Monitoring Default: Modify
Allowed: (Modify, Disabled)		 Preview
[Preview]: Configure supported Linux virtual machines to automatically install the Azure Security agent 5f8eb305-9c9f-4abe-9bb0-df220d9faba2 Security Center Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)		 Preview
[Preview]: Deploy - Configure Linux Azure Monitor agent to enable Azure Monitor assignments on Linux virtual machines a4034bc6-ae50-406d-bf76-50f4ee5a7811 Monitoring Fixed: deployIfNotExists Preview
[Preview]: Deploy - Configure Windows Azure Monitor agent to enable Azure Monitor assignments on Windows virtual machines ca817e41-e85a-4783-bc7f-dc532d36235e Monitoring Fixed: deployIfNotExists Preview
[Preview]: Deploy - Configure Windows machines to automatically install the Azure Security agent 1537496a-b1e8-482b-a06a-1cc2415cdc7b Security Center Fixed: deployIfNotExists Preview
JSON 
{
  "properties": {
  "displayName": "[Preview]: Deploy - Configure prerequisites to enable Azure Monitor and Azure Security agents on virtual machines",
    "policyType": "BuiltIn",
    "description": "Configure machines to automatically install the Azure Monitor and Azure Security agents. Security Center collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and Log Analytics workspace in the same region as the machine to store audit records. This policy only applies to VMs in a few regions.",
    "metadata": {
      "category": "Monitoring",
      "version": "1.0.0-preview",
      "preview": true
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "Prerequisite_AddSystemIdentity",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17b3de92-f710-4cf4-aa55-0e7859f1ed7b"
      },
      {
        "policyDefinitionReferenceId": "Prerequisite_DeployExtensionLinux",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4034bc6-ae50-406d-bf76-50f4ee5a7811"
      },
      {
        "policyDefinitionReferenceId": "Prerequisite_DeployExtensionWindows",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ca817e41-e85a-4783-bc7f-dc532d36235e"
      },
      {
        "policyDefinitionReferenceId": "ASC_DeployAzureSecurityLinuxAgent",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5f8eb305-9c9f-4abe-9bb0-df220d9faba2"
      },
      {
        "policyDefinitionReferenceId": "ASC_DeployAzureSecurityWindowsAgent",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1537496a-b1e8-482b-a06a-1cc2415cdc7b"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/a15f3269-2e10-458c-87a4-d5989e678a73",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "a15f3269-2e10-458c-87a4-d5989e678a73"
}