Azure Policy built-in initiative definitions

This page is an index of Azure Policy built-in initiative definitions.

The name on each built-in links to the initiative definition source on the Azure Policy GitHub repo. The built-ins are grouped by the category property in metadata. To jump to a specific category, use the menu on the right side of the page. Otherwise, use Ctrl-F to use your browser's search feature.

Guest Configuration

| Name | Description | Policies | Version |
|---|---|---|---|
| Audit Linux VMs that do not have the specified applications installed | This initiative deploys the policy requirements and audits Linux virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.1.0 |
| Audit Linux VMs that have the specified applications installed | This initiative deploys the policy requirements and audits Linux virtual machines that have the specified applications installed. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.1.0 |
| Audit VMs with insecure password security settings | This initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit guest configuration | 18 | 1.1.0-preview |
| Audit Windows Server VMs on which Windows Serial Console is not enabled | This initiative deploys the policy requirements and audits Windows Server virtual machines on which Windows Serial Console is not enabled. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows VMs in which the Administrators group contains any of the specified members | This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group contains any of the specified members. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows VMs in which the Administrators group does not contain all of the specified members | This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain all of the specified members. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows VMs in which the Administrators group does not contain only the specified members | This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain only the specified members. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows VMs on which the DSC configuration is not compliant | This initiative deploys the policy requirements and audits Windows VMs on which the Desired State Configuration (DSC) configuration is not compliant. This policy is only applicable to machines with WMF 4 and above. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0-preview |
| Audit Windows VMs on which the Log Analytics agent is not connected as expected | This initiative deploys the policy requirements and audits Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0-preview |
| Audit Windows VMs on which the remote host connection status does not match the specified one | This initiative deploys the policy requirements and audits Windows virtual machines on which the remote host connection status does not match the specified one. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0-preview |
| Audit Windows VMs on which the specified services are not installed and 'Running' | This initiative deploys the policy requirements and audits Windows virtual machines on which the specified services are not installed and 'Running'. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows VMs that are not joined to the specified domain | This initiative deploys the policy requirements and audits Windows virtual machines that are not joined to the specified domain. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows VMs that are not set to the specified time zone | This initiative deploys the policy requirements and audits Windows virtual machines that are not set to the specified time zone. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows VMs that contain certificates expiring within the specified number of days | This initiative deploys the policy requirements and audits Windows virtual machines that contain certificates expiring within the specified number of days. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0-preview |
| Audit Windows VMs that do not contain the specified certificates in Trusted Root | This initiative deploys the policy requirements and audits Windows VMs that do not contain the specified certificates in the Trusted Root Certification Authorities certificate store (Cert:\LocalMachine\Root). For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0-preview |
| Audit Windows VMs that do not have the specified applications installed | This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows VMs that do not have the specified Windows PowerShell execution policy | This initiative deploys the policy requirements and audits Windows virtual machines where Windows PowerShell is not configured to use the specified PowerShell execution policy. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows VMs that do not have the specified Windows PowerShell modules installed | This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified Windows PowerShell modules installed. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows VMs that do not match Azure security baseline settings | This initiative deploys the policy requirements and audits Windows virtual machines with non-compliant Azure security baseline configurations. For more information on Guest Configuration policies, please visit guest configuration | 58 | 1.0.0-preview |
| Audit Windows VMs that have not restarted within the specified number of days | This initiative deploys the policy requirements and audits Windows virtual machines that have not restarted within the specified number of days. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0-preview |
| Audit Windows VMs that have the specified applications installed | This initiative deploys the policy requirements and audits Windows virtual machines that have the specified applications installed. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows VMs with a pending reboot | This initiative deploys the policy requirements and audits Windows virtual machines with a pending reboot. For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |
| Audit Windows web servers that are not using secure communication protocols | This initiative deploys the policy requirements and audits Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). For more information on Guest Configuration policies, please visit guest configuration | 2 | 1.0.0 |

Monitoring

| Name | Description | Policies | Version |
|---|---|---|---|
| Enable Azure Monitor for Virtual Machine Scale Sets | Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to all the VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | 6 | 1.0.1 |
| Enable Azure Monitor for VMs | Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. | 6 | 1.0.1 |

Security Center

| Name | Description | Policies | Version |
|---|---|---|---|
| [Preview]: Enable Data Protection Suite | Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier. | 1 | 1.0.0-preview |
| Enable Monitoring in Azure Security Center | Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center. | 99 | 4.0.0 |

Next steps