JSON
api-version=2021-06-01
Copy definition Copy definition 4 EPAC EPAC
{ 7 items displayName: "[Deprecated]: Deploy prerequisites to audit Windows VMs on which the specified services are not installed and 'Running'" , policyType: "BuiltIn" , mode: "Indexed" , description: "This policy creates a Guest Configuration assignment to audit Windows virtual machines on which the specified services are not installed and 'Running'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol" , metadata: { 4 items version: "1.2.0-deprecated" , category: "Guest Configuration" , requiredProviders: [ 1 item "Microsoft.GuestConfiguration" ] , deprecated: true } , parameters: { 1 item ServiceName: { 2 items type: "String" , metadata: { 2 items displayName: "Service names (supports wildcards)" , description: "A semicolon-separated list of the names of the services that should be installed and 'Running'. e.g. 'WinRm;Wi*'" } } } , policyRule: { 2 items if: { 1 item anyOf: [ 2 items { 1 item allOf: [ 2 items { 2 items field: "type" , equals: "Microsoft.Compute/virtualMachines" } , { 1 item anyOf: [ 10 items { 2 items field: "Microsoft.Compute/imagePublisher" , in: [ 7 items "esri" , "incredibuild" , "MicrosoftDynamicsAX" , "MicrosoftSharepoint" , "MicrosoftVisualStudio" , "MicrosoftWindowsDesktop" , "MicrosoftWindowsServerHPCPack" ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftWindowsServer" } , { 2 items field: "Microsoft.Compute/imageSKU" , notLike: "2008*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftSQLServer" } , { 2 items field: "Microsoft.Compute/imageOffer" , notLike: "SQL2008*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "microsoft-dsvm" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "dsvm-windows" } ] } , { 1 item } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "batch" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "rendering-windows2016" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "center-for-internet-security-inc" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "cis-windows-server-201*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "pivotal" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "bosh-windows-server*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "cloud-infrastructure-services" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "ad*" } ] } , { 1 item } ] } ] } , { 1 item } ] } , then: { 2 items effect: "deployIfNotExists" , details: { 5 items roleDefinitionIds: [ 1 item "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" Contributor ] , type: "Microsoft.GuestConfiguration/guestConfigurationAssignments" , name: "WindowsServiceStatus" , existenceCondition: { 2 items field: "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash" , equals: 🔍 "[
base64(
concat(
'[
WindowsServiceStatus
]WindowsServiceStatus1;ServiceName',
'=',
parameters('ServiceName')
)
)
]" } , deployment: { 1 item properties: { 3 items mode: "incremental" , parameters: { 5 items } , template: { 4 items $schema: "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 5 items } , resources: [ 4 items { 6 items condition: 🔍 "[
equals(
toLower(
parameters('type')
),
toLower(
'microsoft.hybridcompute/machines'
)
)
]", apiVersion: "2018-11-20" , type: "Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments" , name: 🔍 "[
concat(
parameters('vmName'),
'/Microsoft.GuestConfiguration/',
parameters('configurationName')
)
]", location: "[parameters('location')]" , properties: { 1 item } } , { 6 items condition: 🔍 "[
equals(
toLower(
parameters('type')
),
toLower(
'Microsoft.Compute/virtualMachines'
)
)
]", apiVersion: "2018-11-20" , type: "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments" , name: 🔍 "[
concat(
parameters('vmName'),
'/Microsoft.GuestConfiguration/',
parameters('configurationName')
)
]", location: "[parameters('location')]" , properties: { 1 item } } , { 6 items condition: 🔍 "[
equals(
toLower(
parameters('type')
),
toLower(
'Microsoft.Compute/virtualMachines'
)
)
]", apiVersion: "2019-07-01" , type: "Microsoft.Compute/virtualMachines" , identity: { 1 item } , name: "[parameters('vmName')]" , location: "[parameters('location')]" } , { 7 items condition: 🔍 "[
equals(
toLower(
parameters('type')
),
toLower(
'Microsoft.Compute/virtualMachines'
)
)
]", apiVersion: "2019-07-01" , name: 🔍 "[
concat(
parameters('vmName'),
'/AzurePolicyforWindows'
)
]", type: "Microsoft.Compute/virtualMachines/extensions" , location: "[parameters('location')]" , properties: { 6 items publisher: "Microsoft.GuestConfiguration" , type: "ConfigurationforWindows" , typeHandlerVersion: "1.1" , autoUpgradeMinorVersion: true , settings : {} , protectedSettings : {} } , dependsOn: [ 1 item 🔍 "[
concat(
'Microsoft.Compute/virtualMachines/',
parameters('vmName'),
'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',
parameters('configurationName')
)
]"] } ] } } } } } } }