This page is an index of Azure Policy built-in policy definitions for Azure Arc-enabled servers. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.
The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.
Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
---|---|---|---|
Configure Linux Machines to be associated with a Data Collection Rule or a Data Collection Endpoint | Deploy Association to link Linux virtual machines, virtual machine scale sets, and Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased. | DeployIfNotExists, Disabled | 6.1.0 |
Configure Windows Machines to be associated with a Data Collection Rule or a Data Collection Endpoint | Deploy Association to link Windows virtual machines, virtual machine scale sets, and Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased. | DeployIfNotExists, Disabled | 4.2.0 |
Endpoint protection health issues should be resolved on your machines | Resolve endpoint protection health issues on your virtual machines to protect them from latest threats and vulnerabilities. Azure Security Center supported endpoint protection solutions are documented here - https://docs.azure.cn/security-center/security-center-services?tabs=features-windows#supported-endpoint-protection-solutions . Endpoint protection assessment is documented here - https://docs.azure.cn/security-center/security-center-endpoint-protection . | AuditIfNotExists, Disabled | 1.0.0 |
Endpoint protection should be installed on your machines | To protect your machines from threats and vulnerabilities, install a supported endpoint protection solution. | AuditIfNotExists, Disabled | 1.0.0 |
SQL servers on machines should have vulnerability findings resolved | SQL vulnerability assessment scans your database for security vulnerabilities, and exposes any deviations from best practices such as misconfigurations, excessive permissions, and unprotected sensitive data. Resolving the vulnerabilities found can greatly improve your database security posture. | AuditIfNotExists, Disabled | 1.0.0 |
- See the built-ins on the Azure Policy GitHub repo.
- Review the Azure Policy definition structure.
- Review Understanding policy effects.