Azure Policy now audits applications installed inside virtual machines
Updated: November 10, 2018
Azure Policy Guest Configuration provides the capability to audit settings inside VMs on Azure. The newest policy offers the ability to check for installed applications.
There are three Guest Configuration policies in preview. The first policy, which audits password security settings for both Windows and Linux, was released at Ignite 2018.
We have added a policy to audit the encryption protocol in use by Windows Server IIS. The VM will be compliant if TLS version 1.1 or 1.2 is enabled and other protocols are disabled. The policy is named “[Preview]: Audit web server security settings inside Windows VMs.”
We recently published the third policy that audits whether an application is installed inside Windows VMs. The policy is named “[Preview]: Audit applications inside Windows VMs.”
Examples of how this would be used:
- VMs must have the latest antimalware solution.
- VMs must have a monitoring agent.
- VMs must include Chef or Puppet agents.
The policy checks whether Windows lists the software as an installed application. It does not scan the file system. The intent is to validate trusted software for operational requirements.
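To see locally what "listed as an installed application" covers before assigning the audit, the following added example (not part of the policy or of Microsoft's code) reports whether required software is registered with Windows. It assumes the installed-application list can be approximated by the machine-wide Uninstall registry keys; the function names and the name patterns are hypothetical.

```powershell
# Added example: local approximation of an "is this application installed" check.
# Assumption: the installed-application list is read from the machine-wide
# Uninstall registry keys (64-bit and 32-bit views). The page does not show
# the policy's own logic, so this is not its implementation.
function Get-InstalledApplication {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # Entries without a DisplayName are patches or components, not listed applications.
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function Test-RequiredApplication {
    param(
        [Parameter(Mandatory)][string[]]$RequiredName,        # wildcard patterns
        [object[]]$Installed = (Get-InstalledApplication)
    )
    foreach ($name in $RequiredName) {
        $found = @($Installed | Where-Object { $_.DisplayName -like $name })
        [pscustomobject]@{
            Required  = $name
            Compliant = ($found.Count -gt 0)
            Found     = ($found | ForEach-Object {
                            "$($_.DisplayName) $($_.DisplayVersion)".Trim()
                        }) -join '; '
        }
    }
}

# Constructed sample patterns; replace with the display names used in your environment.
$required = 'Puppet Agent*', '*Chef*', '*Monitoring Agent*'
Test-RequiredApplication -RequiredName $required | Format-Table -AutoSize
```

Because the check reads registration data only, a binary copied onto the disk without an installer is reported as not installed, which matches the "not scanning the file system" behaviour described above.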
A new video series guides customers through their first experience in using Azure Policy Guest Configuration:
- How to get started with Azure Policy Guest Configuration (2 minutes)
- What are initiatives in Azure Policy and how do they simplify Guest Configuration (2 minutes)
- How to assign a policy in Azure to audit installed software (example, Puppet Agent) (4 minutes)
- How to onboard existing virtual machines to perform audits from a new policy assignment (2 minutes)