AzInitiativeAdvertizer

last sync: 2024-Sep-18 17:50:42 UTC

Enforce recommended guardrails for Automation Account

Source

Display name

Enforce recommended guardrails for Automation Account

Enforce-Guardrails-Automation

Version

Category

Automation

Description

This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.

Type

Custom Azure Landing Zones (ALZ)

Deprecated

False

Preview

False

Policy count

Total Policies: 6
Builtin Policies: 6
Static Policies: 0
ALZ Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	Roles#	Roles	State	Type
Automation Account should have Managed Identity	dea83a72-443c-4292-83d5-54a2f98749c0	Automation	Default Audit Allowed Audit, Disabled	0		GA	BuiltIn
Automation account variables should be encrypted	3657f5a0-770e-44a3-b44e-9431ba1e9735	Automation	Default Audit Allowed Audit, Deny, Disabled	0		GA	BuiltIn
Azure Automation account should have local authentication method disabled	48c5f1cb-14ad-4797-8e3b-f78ab3f8d700	Automation	Default Audit Allowed Audit, Deny, Disabled	0		GA	BuiltIn
Configure Azure Automation account to disable local authentication	30d1d58e-8f96-47a5-8564-499a3f3cca81	Automation	Default Modify Allowed Modify, Disabled	1	Contributor	GA	BuiltIn
Configure Azure Automation accounts to disable public network access	23b36a7c-9d26-4288-a8fd-c1d2fa284d8c	Automation	Default Modify Allowed Modify, Disabled	1	Contributor	GA	BuiltIn
Hotpatch should be enabled for Windows Server Azure Edition VMs	6d02d2f7-e38b-4bdc-96f3-adc0a8726abc	Automanage	Default Audit Allowed Audit, Deny, Disabled	0		GA	BuiltIn

Roles used

Total Roles usage: 2
Total Roles unique usage: 1

Role	Role Id	Policies count	Policies
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c	2	Configure Azure Automation account to disable local authentication, Configure Azure Automation accounts to disable public network access

History

none

JSON compare

n/a

JSON

EPAC