last sync: 2024-Nov-25 18:54:24 UTC

[Preview]: Azure Stack HCI servers should meet Secured-core requirements

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: Azure Stack HCI servers should meet Secured-core requirements
Id 5e6bf724-0154-49bc-985f-27b2e07e636b
Version 1.0.0-preview
Versioning Versions supported for Versioning: 1
1.0.0-preview
Built-in Versioning [Preview]
Category Stack HCI
Description Ensure that all Azure Stack HCI servers meet the Secured-core requirements. To enable the Secured-core server requirements: 1. From the Azure Stack HCI clusters page, go to Windows Admin Center and select Connect. 2. Go to the Security extension and select Secured-core. 3. Select any setting that is not enabled and click Enable.
Mode Indexed
Type BuiltIn
Preview True
Deprecated False
Effect Default: AuditIfNotExists
Effect Allowed: Audit, Disabled, AuditIfNotExists
RBAC role(s) none
Rule aliases IF (1)
| Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft.AzureStackHCI/clusters/reportedProperties.clusterVersion | Microsoft.AzureStackHCI | clusters | properties.reportedProperties.clusterVersion | True | | False |
THEN-ExistenceCondition (1)
| Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft.AzureStackHCI/clusters/securitySettings/securityComplianceStatus.securedCoreCompliance | Microsoft.AzureStackHCI | clusters/securitySettings | properties.securityComplianceStatus.securedCoreCompliance | True | | False |
Rule resource types IF (1)
Microsoft.AzureStackHCI/clusters
Compliance
The following 1 compliance control is associated with this Policy definition '[Preview]: Azure Stack HCI servers should meet Secured-core requirements' (5e6bf724-0154-49bc-985f-27b2e07e636b)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Posture and Vulnerability Management Audit and enforce secure configurations for compute resources Shared **Security Principle:** Continuously monitor and alert when there is a deviation from the defined configuration baseline in your compute resources. Enforce the desired configuration according to the baseline configuration by denying the non-compliant configuration or deploy a configuration in compute resources. **Azure Guidance:** Use Microsoft Defender for Cloud and Azure Policy guest configuration agent to regularly assess and remediate configuration deviations on your Azure compute resources, including VMs, containers, and others. In addition, you can use Azure Resource Manager templates, custom operating system images, or Azure Automation State Configuration to maintain the security configuration of the operating system. Microsoft VM templates in conjunction with Azure Automation State Configuration can assist in meeting and maintaining security requirements. Note: Azure Marketplace VM images published by Microsoft are managed and maintained by Microsoft. **Implementation and additional context:** How to implement Microsoft Defender for Cloud vulnerability assessment recommendations: https://docs.microsoft.com/azure/security-center/security-center-vulnerability-assessment-recommendations How to create an Azure virtual machine from an ARM template: https://docs.microsoft.com/azure/virtual-machines/windows/ps-template Azure Automation State Configuration overview: https://docs.microsoft.com/azure/automation/automation-dsc-overview Create a Windows virtual machine in the Azure portal: https://docs.microsoft.com/azure/virtual-machines/windows/quick-create-portal Container security in Microsoft Defender for Cloud: https://docs.microsoft.com/azure/security-center/container-security n/a link 13
Initiatives usage
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
| --- | --- | --- | --- | --- |
| Microsoft cloud security benchmark | 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | Security Center | GA | BuiltIn |
History
| Date/Time (UTC ymd) | Change type | Change detail |
| --- | --- | --- |
| 2024-03-01 17:50:27 | add | 5e6bf724-0154-49bc-985f-27b2e07e636b |