AzPolicyAdvertizer

last sync: 2025-Oct-31 18:22:59 UTC

[Preview]: A managed identity should be enabled on your machines

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Preview]: A managed identity should be enabled on your machines

e4953962-5ae4-43eb-bb92-d66fd5563487

Version

1.0.0-preview
Details on versioning

Versioning

Versions supported for Versioning: 1
1.0.0-preview
Built-in Versioning [Preview]

Category

Automanage
Microsoft Learn

Description

Resources managed by Automanage should have a managed identity.

Cloud environments

AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown

Available in AzUSGov

Unknown, no evidence if Policy definition is/not available in AzureUSGovernment

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (2)

Microsoft.Compute/virtualMachines
Microsoft.HybridCompute/machines

Compliance

The following 2 compliance controls are associated with this Policy definition '[Preview]: A managed identity should be enabled on your machines' (e4953962-5ae4-43eb-bb92-d66fd5563487)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
	Azure Security Baseline	Azure Security Baseline	404 not found				n/a	n/a		4
Azure_Security_Benchmark_v3.0	IM-3	Azure_Security_Benchmark_v3.0_IM-3	Microsoft cloud security benchmark IM-3	Identity Management	IM-3 Manage application identities securely and automatically	Shared	Security Principle: Use managed application identities instead of creating human accounts for applications to access resources and execute code. Managed application identities provide benefits such as reducing the exposure of credentials. Automate the rotation of credential to ensure the security of the identities. Azure Guidance: Use Azure managed identities, which can authenticate to Azure services and resources that support Microsoft Entra ID authentication. Managed identity credentials are fully managed, rotated, and protected by the platform, avoiding hard-coded credentials in source code or configuration files. For services that don't support managed identities, use Microsoft Entra ID to create a service principal with restricted permissions at the resource level. It is recommended to configure service principals with certificate credentials and fall back to client secrets for authentication. Implementation and additional context: Azure managed identities: https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview Services that support managed identities for Azure resources: https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities Azure service principal: https://docs.microsoft.com/powershell/azure/create-azure-service-principal-azureps Create a service principal with certificates: https://docs.microsoft.com/azure/active-directory/develop/howto-authenticate-service-principal-powershell	n/a	link	15

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
[Preview]: Audit configuration against Automanage Best Practices	c138fd1a-e08f-4318-9490-d11ef2c2f9c1	Automanage	Preview	BuiltIn	unknown
[Preview]: Microsoft cloud security benchmark v2	e3ec7e09-768c-4b64-882c-fcada3772047	Security Center	Preview	BuiltIn	unknown

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2023-02-16 18:41:08	add	e4953962-5ae4-43eb-bb92-d66fd5563487

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC