This policy checks all Azure virtual machines and reports on any that are not making use of Managed Disks. Optionally, a report listing the non-compliant virtual machines is emailed.
- The Azure Resource Manager API is used to retrieve a list of all virtual machines and their metadata.
- This list is then filtered to just those virtual machines that have a value for
properties.storageProfile.osDisk.vhd; this indicates that the virtual machine is not using Managed Disks.
- Email Addresses - Email addresses of the recipients you wish to notify when new incidents are created.
- Azure Endpoint - The endpoint to send Azure API requests to. Recommended to leave this at default unless using this policy with Azure China.
- Allow/Deny Subscriptions - Determines whether the Allow/Deny Subscriptions List parameter functions as an allow list (only providing results for the listed subscriptions) or a deny list (providing results for all subscriptions except for the listed subscriptions).
- Allow/Deny Subscriptions List - A list of allowed or denied Subscription IDs/names. If empty, no filtering will occur and recommendations will be produced for all subscriptions.
- Allow/Deny Regions - Whether to treat Allow/Deny Regions List parameter as allow or deny list. Has no effect if Allow/Deny Regions List is left empty.
- Allow/Deny Regions List - Filter results by region, either only allowing this list or denying it depending on how the above parameter is set. Leave blank to consider all the regions.
- Exclusion Tags - The policy will filter resources containing the specified tags from the results. The following formats are supported:
Key- Filter all resources with the specified tag key.Key==Value- Filter all resources with the specified tag key:value pair.Key!=Value- Filter all resources missing the specified tag key:value pair. This will also filter all resources missing the specified tag key.Key=~/Regex/- Filter all resources where the value for the specified key matches the specified regex string.Key!~/Regex/- Filter all resources where the value for the specified key does not match the specified regex string. This will also filter all resources missing the specified tag key.
- Exclusion Tags: Any / All - Whether to filter instances containing any of the specified tags or only those that contain all of them. Only applicable if more than one value is entered in the
Exclusion Tagsfield.
- Sends an email notification
This Policy Template uses Credentials for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s).
For administrators creating and managing credentials to use with this policy, the following information is needed:
-
Azure Resource Manager Credential (provider=azure_rm) which has the following permissions:
Microsoft.Compute/virtualMachines/read
-
Flexera Credential (provider=flexera) which has the following roles:
billing_center_viewer
The Provider-Specific Credentials page in the docs has detailed instructions for setting up Credentials for the most common providers.
- Azure
This Policy Template does not incur any cloud costs