last sync: 2024-Nov-25 18:54:43 UTC

Enforce recommended guardrails for Automation Account

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Enforce-Guardrails-Automation
Display nameEnforce recommended guardrails for Automation Account
IdEnforce-Guardrails-Automation
Version1.0.0
Details on versioning
CategoryAutomation
DescriptionThis policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.
TypeCustom Azure Landing Zones (ALZ)
DeprecatedFalse
PreviewFalse
Policy count Total Policies: 6
Builtin Policies: 6
Static Policies: 0
ALZ Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State Type
Automation Account should have Managed Identity dea83a72-443c-4292-83d5-54a2f98749c0 Automation Default
Audit
Allowed
Audit, Disabled
0 GA BuiltIn
Automation account variables should be encrypted 3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Azure Automation account should have local authentication method disabled 48c5f1cb-14ad-4797-8e3b-f78ab3f8d700 Automation Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Configure Azure Automation account to disable local authentication 30d1d58e-8f96-47a5-8564-499a3f3cca81 Automation Default
Modify
Allowed
Modify, Disabled
1 Contributor GA BuiltIn
Configure Azure Automation accounts to disable public network access 23b36a7c-9d26-4288-a8fd-c1d2fa284d8c Automation Default
Modify
Allowed
Modify, Disabled
1 Contributor GA BuiltIn
Hotpatch should be enabled for Windows Server Azure Edition VMs 6d02d2f7-e38b-4bdc-96f3-adc0a8726abc Automanage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Roles used
History none
JSON compare n/a
JSON
EPAC