AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

Audit Windows VMs with a pending reboot

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Audit Windows VMs with a pending reboot

4221adbc-5c0f-474f-88b7-037a99e6114c

Version

2.0.0
Details on versioning

Versioning

Versions supported for Versioning: 1
2.0.0
Built-in Versioning [Preview]

Category

Guest Configuration
Microsoft Learn

Description

Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the machine is pending reboot for any of the following reasons: component based servicing, Windows Update, pending file rename, pending computer rename, configuration manager pending reboot. Each detection has a unique registry path.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Fixed
auditIfNotExists

RBAC role(s)

none

Rule aliases

IF (7)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.windowsConfiguration	True	True
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	True	True
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType	Microsoft.ConnectedVMwarevSphere	virtualmachines	properties.osProfile.osType	True	False
Microsoft.HybridCompute/imageOffer	Microsoft.HybridCompute	machines	properties.osName	True	False

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.complianceStatus	True		False

Rule resource types

IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines

Compliance

The following 2 compliance controls are associated with this Policy definition 'Audit Windows VMs with a pending reboot' (4221adbc-5c0f-474f-88b7-037a99e6114c)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
SWIFT_CSCF_v2021	2.2	SWIFT_CSCF_v2021_2.2	SWIFT CSCF v2021 2.2	Reduce Attack Surface and Vulnerabilities	Security Updates		n/a	Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk.	link	1
SWIFT_CSCF_v2022	2.2	SWIFT_CSCF_v2022_2.2	SWIFT CSCF v2022 2.2	2. Reduce Attack Surface and Vulnerabilities	Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk.	Shared	n/a	All hardware and software inside the secure zone and on operator PCs are within the support life cycle of the vendor, have been upgraded with mandatory software updates, and have had security updates promptly applied.	link	9

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: SWIFT CSP-CSCF v2021	abf84fac-f817-a70c-14b5-47eec767458a	Regulatory Compliance	Preview	BuiltIn
SWIFT CSP-CSCF v2022	7bc7cd6c-4114-ff31-3cac-59be3157596d	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-01-28 17:51:01	change	Major (1.0.0 > 2.0.0)
2020-09-09 11:24:03	add	4221adbc-5c0f-474f-88b7-037a99e6114c

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC