{
"properties": {
"displayName": "[Preview]: Guest Attestation extension should be installed on supported Windows virtual machines",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Install Guest Attestation extension on supported virtual machines to allow Azure Security Center to proactively attest and monitor the boot integrity. Once installed, boot integrity will be attested via Remote Attestation. This assessment applies to Trusted Launch and Confidential Windows virtual machines.",
"metadata": {
"category": "Security Center",
"version": "4.0.0-preview",
"preview": true
},
"version": "4.0.0-preview",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"anyOf": [
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.imageReference.offer",
"like": "windows*"
},
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
"like": "Windows*"
}
]
},
{
"field": "Microsoft.Compute/virtualMachines/securityProfile.securityType",
"in": [
"TrustedLaunch",
"ConfidentialVM"
]
},
{
"field": "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings",
"exists": "true"
},
{
"field": "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.secureBootEnabled",
"equals": "true"
},
{
"field": "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings.vTpmEnabled",
"equals": "true"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Compute/virtualMachines/extensions",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.Azure.Security.WindowsAttestation"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/type",
"equals": "GuestAttestation"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/provisioningState",
"in": [
"Succeeded",
"Provisioning succeeded"
]
}
]
}
}
}
},
"versions": [
"4.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/1cb4d9c2-f88f-4069-bee0-dba239a57b09",
"name": "1cb4d9c2-f88f-4069-bee0-dba239a57b09"
}