AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

Configure SSH security posture for Linux (powered by OSConfig)

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Configure SSH security posture for Linux (powered by OSConfig)

e22a2f03-0534-4d10-8ea0-aa25a6113233

Version

1.0.1
Details on versioning

Versioning

Versions supported for Versioning: 2
1.0.0-preview
1.0.1
Built-in Versioning [Preview]

Category

Guest Configuration
Microsoft Learn

Description

This policy audits and configures SSH server security configuration on Linux machines (Azure VMs and Arc-enabled machines). For more information including pre-requisites, settings in scope, defaults, and customization, see https://aka.ms/SshPostureControlOverview

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC role(s)

Role Name	Role Id
Guest Configuration Resource Contributor	088ab73d-1256-47ae-bea9-9de8e7131f31

Rule aliases

IF (7)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.linuxConfiguration	True	True
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	True	True
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType	Microsoft.ConnectedVMwarevSphere	virtualmachines	properties.osProfile.osType	True	False
Microsoft.HybridCompute/imageOffer	Microsoft.HybridCompute	machines	properties.osName	True	False

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.complianceStatus	True		False
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.parameterHash	True		False

Rule resource types

IF (4)
Microsoft.Compute/virtualMachines
Microsoft.Compute/virtualMachineScaleSets
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines
THEN-Deployment (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.hybridcompute/machines

Compliance

Not a Compliance control

Initiatives usage

none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-10-15 17:53:32	change	Patch, old suffix: preview (1.0.0-preview > 1.0.1)
2024-06-03 17:39:43	add	e22a2f03-0534-4d10-8ea0-aa25a6113233

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC