AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

Linux machines should only have local accounts that are allowed

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Linux machines should only have local accounts that are allowed

73db37c4-f180-4b0f-ab2c-8ee96467686b

Version

2.2.0
Details on versioning

Versioning

Versions supported for Versioning: 2
2.1.0
2.2.0
Built-in Versioning [Preview]

Category

Guest Configuration
Microsoft Learn

Description

Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Managing user accounts using Azure Active Directory is a best practice for management of identities. Reducing local machine accounts helps prevent the proliferation of identities managed outside a central system. Machines are non-compliant if local user accounts exist that are enabled and not listed in the policy parameter.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

RBAC role(s)

none

Rule aliases

IF (7)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.linuxConfiguration	True	True
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	True	True
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType	Microsoft.ConnectedVMwarevSphere	virtualmachines	properties.osProfile.osType	True	False
Microsoft.HybridCompute/imageOffer	Microsoft.HybridCompute	machines	properties.osName	True	False

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.complianceStatus	True		False
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.parameterHash	True		False

Rule resource types

IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines

Compliance

Not a Compliance control

Initiatives usage

none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-01-22 17:47:54	change	Minor (2.1.0 > 2.2.0)
2023-08-03 17:56:09	change	Minor (2.0.0 > 2.1.0)
2022-01-28 17:51:01	change	Major (1.1.0 > 2.0.0)
2021-10-04 15:27:15	change	Minor (1.0.0 > 1.1.0)
2021-05-18 14:34:48	add	73db37c4-f180-4b0f-ab2c-8ee96467686b

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC