For more information on Guest Configuration, visit. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must be deployed to machines before using any Windows Guest Configuration policy definition. This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. It is important to enable encryption of Automation account variable assets when storing sensitive dataĭeploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Machines are non-compliant if Windows machines that do not store passwords using reversible encryptionĪutomation account variables should be encrypted Requires that prerequisites are deployed to the policy assignment scope. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.Īudit Windows machines that do not store passwords using reversible encryption Īpp Service apps should only be accessible over HTTPS A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration and have at least one user-assigned identity but do not have a system-assigned managed identity. Īdd system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration but do not have any managed identities. Cryptography Policy on the use of cryptographic controlsĪdd system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities The associations between compliance domains, controls, and Azure Policyĭefinitions for this compliance standard may change over time. Therefore, compliance in Azure Policy is only a partial view of your InĪddition, the compliance standard includes controls that aren't addressed by any Azure Policyĭefinitions at this time. Themselves this doesn't ensure you're fully compliant with all requirements of a control. As such, Compliant in Azure Policy refers only to the policy definitions These policies may help you assess compliance with theĬontrol however, there often is not a one-to-one or complete match between a control and one or Each control below is associated with one or more Azure Policy definitions.
0 Comments
Leave a Reply. |