last sync: 2024-Nov-25 18:54:24 UTC

Azure Machine Learning compute instances should be recreated to get the latest software updates

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Azure Machine Learning compute instances should be recreated to get the latest software updates
Id: f110a506-2dcb-422e-bcea-d533fc8c35e2
Version: 1.0.3
Versioning: Versions supported for Versioning: 1 (1.0.3)
Category: Machine Learning
Description: Ensure Azure Machine Learning compute instances run on the latest available operating system. Security is improved and vulnerabilities reduced by running with the latest security patches. For more information, visit https://aka.ms/azureml-ci-updates/.
Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Fixed [parameters('effects')]
RBAC role(s): none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.MachineLearningServices/workspaces/computes/computeType Microsoft.MachineLearningServices workspaces/computes properties.computeType True False
Microsoft.MachineLearningServices/workspaces/computes/osImageMetadata.isLatestOsImageVersion Microsoft.MachineLearningServices workspaces/computes properties.properties.osImageMetadata.isLatestOsImageVersion True False
Rule resource types IF (1)
Microsoft.MachineLearningServices/workspaces/computes
Compliance
The following 6 compliance controls are associated with this Policy definition 'Azure Machine Learning compute instances should be recreated to get the latest software updates' (f110a506-2dcb-422e-bcea-d533fc8c35e2)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Posture and Vulnerability Management Audit and enforce secure configurations Shared **Security Principle:** Continuously monitor and alert when there is a deviation from the defined configuration baseline. Enforce the desired configuration according to the baseline configuration by denying the non-compliant configuration or deploy a configuration. **Azure Guidance:** Use Microsoft Defender for Cloud to configure Azure Policy to audit and enforce configurations of your Azure resources. Use Azure Monitor to create alerts when there is a configuration deviation detected on the resources. Use Azure Policy [deny] and [deploy if not exist] rule to enforce secure configuration across Azure resources. For resource configuration audit and enforcement not supported by Azure Policy, you may need to write your own scripts or use third-party tooling to implement the configuration audit and enforcement. **Implementation and additional context:** Understand Azure Policy effects: https://docs.microsoft.com/azure/governance/policy/concepts/effects Create and manage policies to enforce compliance: https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage Get compliance data of Azure resources: https://docs.microsoft.com/azure/governance/policy/how-to/get-compliance-data n/a link 27
C.04.6 - Timelines C.04.6 - Timelines 404 not found n/a n/a 21
New_Zealand_ISM 12.4.4.C.02 New_Zealand_ISM_12.4.4.C.02 New_Zealand_ISM_12.4.4.C.02 12. Product Security 12.4.4.C.02 Patching vulnerabilities in products n/a Agencies MUST implement a patch management strategy, including an evaluation or testing process. 2
NL_BIO_Cloud_Theme C.04.6(2) NL_BIO_Cloud_Theme_C.04.6(2) NL_BIO_Cloud_Theme_C.04.6(2) C.04 Technical Vulnerability Management Technical vulnerabilities n/a Technical weaknesses can be remedied by performing patch management in a timely manner, which includes: identifying, registering and acquiring patches; the decision-making around the use of patches; testing patches; performing patches; registering implemented patches. 22
op.exp.2 Security configuration op.exp.2 Security configuration 404 not found n/a n/a 112
op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found n/a n/a 123
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
Enforce recommended guardrails for Machine Learning | Enforce-Guardrails-MachineLearning | Machine Learning | GA | ALZ
Microsoft cloud security benchmark | 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | Security Center | GA | BuiltIn
New Zealand ISM | 4f5b1359-4f8e-4d7c-9733-ea47fcde891e | Regulatory Compliance | GA | BuiltIn
NL BIO Cloud Theme | 6ce73208-883e-490f-a2ac-44aac3b3687f | Regulatory Compliance | GA | BuiltIn
NL BIO Cloud Theme V2 | d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee | Regulatory Compliance | GA | BuiltIn
Spain ENS | 175daf90-21e1-4fec-b745-7b4c909aa94c | Regulatory Compliance | GA | BuiltIn
History
Date/Time (UTC ymd) | Change type | Change detail
2023-08-11 17:58:20 | change | Patch (1.0.2 > 1.0.3)
2023-05-22 17:43:18 | change | Patch (1.0.1 > 1.0.2)
2023-04-06 17:42:16 | change | Patch, old suffix: preview (1.0.0-preview > 1.0.1)
2023-01-13 18:06:06 | add | f110a506-2dcb-422e-bcea-d533fc8c35e2