-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
ASC_AzureSecurityWindowsAgent_Arc_DINE.json
112 lines (112 loc) · 3.79 KB
/
ASC_AzureSecurityWindowsAgent_Arc_DINE.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
{
"properties": {
"displayName": "[Preview]: Configure supported Windows Arc machines to automatically install the Azure Security agent",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Configure supported Windows Arc machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target Windows Arc machines must be in a supported location.",
"metadata": {
"category": "Security Center",
"version": "1.0.0-preview",
"preview": true
},
"version": "1.0.0-preview",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "DeployIfNotExists",
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.HybridCompute/machines"
},
{
"field": "Microsoft.HybridCompute/imageOffer",
"like": "windows*"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.HybridCompute/machines/extensions",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.HybridCompute/machines/extensions/type",
"equals": "AzureSecurityWindowsAgent"
},
{
"field": "Microsoft.HybridCompute/machines/extensions/Publisher",
"equals": "Microsoft.Azure.Security.Monitoring"
},
{
"field": "Microsoft.HybridCompute/machines/extensions/provisioningState",
"equals": "Succeeded"
}
]
},
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
],
"deployment": {
"properties": {
"mode": "incremental",
"parameters": {
"location": {
"value": "[field('location')]"
},
"vmName": {
"value": "[field('name')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},
"vmName": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'), '/', 'AzureSecurityWindowsAgent')]",
"apiVersion": "2021-06-10-preview",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.Azure.Security.Monitoring",
"type": "AzureSecurityWindowsAgent",
"settings": {},
"protectedSettings": {}
}
}
]
}
}
}
}
}
},
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/d01f3018-de9f-4d75-8dae-d12c1875da9f",
"name": "d01f3018-de9f-4d75-8dae-d12c1875da9f"
}