JSON
api-version=2021-06-01
{ 7 items displayName: "[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group contains any of the specified members" , policyType: "BuiltIn" , mode: "Indexed" , description: "This policy creates a Guest Configuration assignment to audit Windows virtual machines in which the Administrators group contains any of the specified members. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol" , metadata: { 4 items version: "1.2.0-deprecated" , category: "Guest Configuration" , requiredProviders: [ 1 item "Microsoft.GuestConfiguration" ] , deprecated: true } , parameters: { 1 item MembersToExclude: { 2 items type: "String" , metadata: { 2 items displayName: "Members to exclude" , description: "A semicolon-separated list of members that should be excluded in the Administrators local group. 
Ex: Administrator; myUser1; myUser2" } } } , policyRule: { 2 items if: { 1 item anyOf: [ 2 items { 1 item allOf: [ 2 items { 2 items field: "type" , equals: "Microsoft.Compute/virtualMachines" } , { 1 item anyOf: [ 10 items { 2 items field: "Microsoft.Compute/imagePublisher" , in: [ 7 items "esri" , "incredibuild" , "MicrosoftDynamicsAX" , "MicrosoftSharepoint" , "MicrosoftVisualStudio" , "MicrosoftWindowsDesktop" , "MicrosoftWindowsServerHPCPack" ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftWindowsServer" } , { 2 items field: "Microsoft.Compute/imageSKU" , notLike: "2008*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftSQLServer" } , { 2 items field: "Microsoft.Compute/imageOffer" , notLike: "SQL2008*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "microsoft-dsvm" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "dsvm-windows" } ] } , { 1 item } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "batch" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "rendering-windows2016" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "center-for-internet-security-inc" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "cis-windows-server-201*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "pivotal" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "bosh-windows-server*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "cloud-infrastructure-services" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "ad*" } ] } , { 1 item } ] } ] } , { 1 item } ] } , then: { 2 items effect: "deployIfNotExists" , details: { 5 items roleDefinitionIds: [ 1 item 
"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" Contributor ] , type: "Microsoft.GuestConfiguration/guestConfigurationAssignments" , name: "AdministratorsGroupMembersToExclude" , existenceCondition: { 2 items field: "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash" , equals: 🔍 "[
base64(
concat(
'[
LocalGroup
]AdministratorsGroup;MembersToExclude',
'=',
parameters('MembersToExclude')
)
)
]" } , deployment: { 1 item properties: { 3 items mode: "incremental" , parameters: { 5 items } , template: { 4 items $schema: "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 5 items } , resources: [ 4 items { 6 items condition: 🔍 "[
equals(
toLower(
parameters('type')
),
toLower(
'microsoft.hybridcompute/machines'
)
)
]", apiVersion: "2018-11-20" , type: "Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments" , name: 🔍 "[
concat(
parameters('vmName'),
'/Microsoft.GuestConfiguration/',
parameters('configurationName')
)
]", location: "[parameters('location')]" , properties: { 1 item } } , { 6 items condition: 🔍 "[
equals(
toLower(
parameters('type')
),
toLower(
'Microsoft.Compute/virtualMachines'
)
)
]", apiVersion: "2018-11-20" , type: "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments" , name: 🔍 "[
concat(
parameters('vmName'),
'/Microsoft.GuestConfiguration/',
parameters('configurationName')
)
]", location: "[parameters('location')]" , properties: { 1 item } } , { 6 items condition: 🔍 "[
equals(
toLower(
parameters('type')
),
toLower(
'Microsoft.Compute/virtualMachines'
)
)
]", apiVersion: "2019-07-01" , type: "Microsoft.Compute/virtualMachines" , identity: { 1 item } , name: "[parameters('vmName')]" , location: "[parameters('location')]" } , { 7 items condition: 🔍 "[
equals(
toLower(
parameters('type')
),
toLower(
'Microsoft.Compute/virtualMachines'
)
)
]", apiVersion: "2019-07-01" , name: 🔍 "[
concat(
parameters('vmName'),
'/AzurePolicyforWindows'
)
]", type: "Microsoft.Compute/virtualMachines/extensions" , location: "[parameters('location')]" , properties: { 6 items publisher: "Microsoft.GuestConfiguration" , type: "ConfigurationforWindows" , typeHandlerVersion: "1.1" , autoUpgradeMinorVersion: true , settings : {} , protectedSettings : {} } , dependsOn: [ 1 item 🔍 "[
concat(
'Microsoft.Compute/virtualMachines/',
parameters('vmName'),
'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',
parameters('configurationName')
)
]"] } ] } } } } } } }