last sync: 2020-Jul-13 14:14:31 UTC

Azure Policy Initiative

Audit Windows VMs that do not contain the specified certificates in Trusted Root

Initiative DisplayName Audit Windows VMs that do not contain the specified certificates in Trusted Root
Initiative Id cdfcc6ff-945e-4bc6-857e-056cbc511e0c
Initiative Category Guest Configuration
Initiative Description This initiative deploys the policy requirements and audits Windows VMs that do not contain the specified certificates in the Trusted Root Certification Authorities certificate store (Cert:\LocalMachine\Root). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
Initiative Type BuiltIn
Initiative Changes
Date/Time (UTC ymd) (i) Change(s)
2020-06-11 19:46:04 change DisplayName Name change: '[Preview]: Audit Windows VMs that do not contain the specified certificates in Trusted Root' to 'Audit Windows VMs that do not contain the specified certificates in Trusted Root'
Initiative Policies count Total Policies: 2
Builtin Policies: 2/2
Static Policies: 0/2
Initiative Policies
Policy DisplayName Policy Id
Show audit results from Windows VMs that do not contain the specified certificates in Trusted Root f3b9ad83-000d-4dc1-bff0-6d54533dd03f
Deploy prerequisites to audit Windows VMs that do not contain the specified certificates in Trusted Root 106ccbe4-a791-4f33-a44a-06796944b8d5
Initiative Rule
{
  "properties": {
    "displayName": "Audit Windows VMs that do not contain the specified certificates in Trusted Root",
    "policyType": "BuiltIn",
    "description": "This initiative deploys the policy requirements and audits Windows VMs that do not contain the specified certificates in the Trusted Root Certification Authorities certificate store (Cert:\\LocalMachine\\Root). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
    "metadata": {
      "version": "1.0.0",
      "category": "Guest Configuration"
    },
    "parameters": {
      "CertificateThumbprints": {
        "type": "String",
        "metadata": {
          "displayName": "Certificate thumbprints",
          "description": "A semicolon-separated list of certificate thumbprints that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root). e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"
        }
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "Deploy_WindowsCertificateInTrustedRoot",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5",
        "parameters": {
          "CertificateThumbprints": {
          "value": "[parameters('CertificateThumbprints')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Audit_WindowsCertificateInTrustedRoot",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/cdfcc6ff-945e-4bc6-857e-056cbc511e0c",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "cdfcc6ff-945e-4bc6-857e-056cbc511e0c"
}