Compute.csv
"DisplayName";"Description";"Path"
"Configure managed disks to disable public network access";"Disable public network access for your managed disk resource so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/disksprivatelinksdoc.";"https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Compute/AddDiskAccessToDisk_Modify.json"
"Configure disk access resources to use private DNS zones";"Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links to your virtual network to resolve to a managed disk. Learn more at: https://aka.ms/disksprivatelinksdoc.";"https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Compute/DiskAccesses_PrivateDnsZones_DeployIfNotExist.json"
"Configure disk access resources with private endpoints";"Private endpoints connect your virtual networks to Azure services without a public IP address at the source or destination. By mapping private endpoints to disk access resources, you can reduce data leakage risks. Learn more about private links at: https://aka.ms/disksprivatelinksdoc.";"https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Compute/DiskAccesses_PrivateEndpoints_DeployIfNotExists.json"
"Managed disks should be double encrypted with both platform-managed and customer-managed keys";"High security sensitive customers who are concerned of the risk associated with any particular encryption algorithm, implementation, or key being compromised can opt for additional layer of encryption using a different encryption algorithm/mode at the infrastructure layer using platform managed encryption keys. The disk encryption sets are required to use double encryption. Learn more at https://aka.ms/disks-doubleEncryption.";"https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Compute/DoubleEncryptionRequired_Deny.json"
"Virtual machines and virtual machine scale sets should have encryption at host enabled";"Use encryption at host to get end-to-end encryption for your virtual machine and virtual machine scale set data. Encryption at host enables encryption at rest for your temporary disk and OS/data disk caches. Temporary and ephemeral OS disks are encrypted with platform-managed keys when encryption at host is enabled. OS/data disk caches are encrypted at rest with either customer-managed or platform-managed key, depending on the encryption type selected on the disk. Learn more at https://aka.ms/vm-hbe.";"https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Compute/HostBasedEncryptionRequired_Deny.json"
"Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption";"Requiring a specific set of disk encryption sets to be used with managed disks give you control over the keys used for encryption at rest. You are able to select the allowed encrypted sets and all others are rejected when attached to a disk. Learn more at https://aka.ms/disks-cmk.";"https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Compute/ManagedDiskEncryptionSetsAllowed_Deny.json"
"OS and data disks should be encrypted with a customer-managed key";"Use customer-managed keys to manage the encryption at rest of the contents of your managed disks. By default, the data is encrypted at rest with platform-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more at https://aka.ms/disks-cmk.";"https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Compute/OSAndDataDiskCMKRequired_Deny.json"
"Configure disaster recovery on virtual machines by enabling replication via Azure Site Recovery";"Virtual machines without disaster recovery configurations are vulnerable to outages and other disruptions. If the virtual machine does not already have disaster recovery configured, this would initiate the same by enabling replication using preset configurations to facilitate business continuity. You can optionally include/exclude virtual machines containing a specified tag to control the scope of assignment. To learn more about disaster recovery, visit https://aka.ms/asr-doc.";"https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Compute/VirtualMachineReplication_AzureSiteRecovery_DeployIfNotExists.json"
"Deploy default Microsoft IaaSAntimalware extension for Windows Server";"This policy deploys a Microsoft IaaSAntimalware extension with a default configuration when a VM is not configured with the antimalware extension.";"https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Compute/VMAntimalwareExtension_Deploy.json"
"Allowed virtual machine size SKUs";"This policy enables you to specify a set of virtual machine size SKUs that your organization can deploy.";"https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Compute/VMSkusAllowed_Deny.json"
"Require automatic OS image patching on Virtual Machine Scale Sets";"This policy enforces enabling automatic OS image patching on Virtual Machine Scale Sets to always keep Virtual Machines secure by safely applying latest security patches every month.";"https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Compute/VMSSOSUpgradeHealthCheck_Deny.json"
"allowed-disk-skus";"allowed-disk-skus";"https://github.com/Azure/Community-Policy/tree/master/Policies/Compute/allowed-disk-skus/azurepolicy.json"
"allowed-vm-os";"allowed-vm-os";"https://github.com/Azure/Community-Policy/tree/master/Policies/Compute/allowed-vm-os/azurepolicy.json"
"blocked-disk-skus";"blocked-disk-skus";"https://github.com/Azure/Community-Policy/tree/master/Policies/Compute/blocked-disk-skus/azurepolicy.json"
"Configure managed disks to disable public access";"Configure managed disks to disable public access";"https://github.com/Azure/Community-Policy/tree/master/Policies/Compute/Configure managed disks to disable public access/azurepolicy.json"
"deny-new-linux-vm-ssh-with-password";"deny-new-linux-vm-ssh-with-password";"https://github.com/Azure/Community-Policy/tree/master/Policies/Compute/deny-new-linux-vm-ssh-with-password/azurepolicy.json"
"deploy-hybrid-benefit-windows";"deploy-hybrid-benefit-windows";"https://github.com/Azure/Community-Policy/tree/master/Policies/Compute/deploy-hybrid-benefit-windows/azurepolicy.json"
"only_approved_vmss_extensions_should_be_installed";"only_approved_vmss_extensions_should_be_installed";"https://github.com/Azure/Community-Policy/tree/master/Policies/Compute/only_approved_vmss_extensions_should_be_installed/azurepolicy.json"
"VM use allowed Images";"VM use allowed Images";"https://github.com/Azure/Community-Policy/tree/master/Policies/Compute/VM use allowed Images/azurepolicy.json"
"[Preview] Deploy AAD Login For Linux SSH extension on Linux virtual machines";"[Preview] Deploy AAD Login For Linux SSH extension on Linux virtual machines";"https://github.com/Azure/Community-Policy/tree/master/Policies/Compute/[Preview] Deploy AAD Login For Linux SSH extension on Linux virtual machines/deploy-aadlogin.json"
"[Preview] Deploy AAD Login For Windows extension on Windows virtual machines";"[Preview] Deploy AAD Login For Windows extension on Windows virtual machines";"https://github.com/Azure/Community-Policy/tree/master/Policies/Compute/[Preview] Deploy AAD Login For Windows extension on Windows virtual machines/deploy-aadlogin.json"