Azure Policy built-in initiative definitions

This page is an index of Azure Policy built-in initiative definitions.

The name on each built-in links to the initiative definition source on the Azure Policy GitHub repo. The built-ins are grouped by the category property in metadata. To jump to a specific category, use the menu on the right side of the page. Otherwise, use Ctrl-F to use your browser's search feature.

Guest Configuration

| Name | Description | Policies | Version |
| --- | --- | --- | --- |
| Audit machines with insecure password security settings | This initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit | 9 | |
| Deploy prerequisites to enable Guest Configuration policies on virtual machines | This initiative adds a system-assigned managed identity and deploys the platform-appropriate Guest Configuration extension to virtual machines that are eligible to be monitored by Guest Configuration policies. This is a prerequisite for all Guest Configuration policies and must be assigned to the policy assignment scope before using any Guest Configuration policy. For more information on Guest Configuration, visit | 4 | 1.0.0-preview |
| Windows machines should meet requirements for the Azure security baseline | This initiative audits Windows machines with settings that do not meet the Azure security baseline. For details, please visit | 29 | 2.0.0-preview |


| Name | Description | Policies | Version |
| --- | --- | --- | --- |
| Enable Azure Monitor for Virtual Machine Scale Sets | Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to all the VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | 6 | |
| Enable Azure Monitor for VMs | Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. | 10 | |

Security Center

| Name | Description | Policies | Version |
| --- | --- | --- | --- |
| [Preview]: Enable Data Protection Suite | Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier. | 1 | 1.0.0-preview |
| Enable Monitoring in Azure Security Center | Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center. | 118 | |

Next steps