Hello, I am looking to create an Azure Policy Definition that will check which Virtual Machines have Inventory enabled. Is this possible?? In the definition JSON, i have attempted the below... But cannot find what I should enter in place of the question marks. I believe it should be something that references a Virtual Machines Inventory enablement. I'm really stuck on this one and would totally appreciate if anyone could advise what i need to enter here. "allOf": [ { "field": "type", "equals": "Microsoft.Compute/virtualMachines" }, { "field": "Microsoft.Compute/virtualMachines/????", "notEquals": "true" } ]

Peter Casey One way to check if the inventory has been enabled for the azure virtual machine is to check if Change Tracking extension has been enabled or not. For instance, you can if change tracking is enabled for linux virtual machines, by using field property as "Microsoft.Compute/virtualMachines/extensions/type" and value as "ChangeTracking-Linux". For further references related to change tracking you can refer existing initiative [Preview]: Enable ChangeTracking and Inventory for virtual machines

Can i create an Azure Policy definition that checks which Virtual Machines have Inventory enabled

Accepted answer

SwathiDhanwada-MSFT 18,031 Reputation points

2024-01-12T09:03:42.9033333+00:00

Peter Casey One way to check if the inventory has been enabled for the azure virtual machine is to check if Change Tracking extension has been enabled or not. For instance, you can if change tracking is enabled for linux virtual machines, by using field property as "Microsoft.Compute/virtualMachines/extensions/type" and value as "ChangeTracking-Linux". For further references related to change tracking you can refer existing initiative [Preview]: Enable ChangeTracking and Inventory for virtual machines
Please sign in to rate this answer.
Peter Casey 20 Reputation points

2024-01-18T15:40:02.1566667+00:00

Thanks @SwathiDhanwada-MSFT for your help with this. Very much appreciated. So, i am using the below code in the definition JSON - buy I am getting the following error...

The policy definition '07f16759-29a0-49ce-bbb0-5aa23990fd87' rule is invalid. The resource type 'virtualMachines/extensions/type' referenced by the 'field' property 'Microsoft.Compute/virtualMachines/extensions/type/ChangeTracking-Windows' of the policy rule doesn't exist under provider 'Microsoft.Compute'.

Does this mean that the extension ChangeTracking-Windows needs to be enabled or something like that?

{ "field": "type", "equals": "Microsoft.Compute/virtualMachines" }, { "field": "Microsoft.Compute/virtualMachines/extensions/type/ChangeTracking-Windows", "notEquals": "true" }

SwathiDhanwada-MSFT 18,031 Reputation points

2024-01-19T07:46:34.6633333+00:00

@Peter Casey The field property is "Microsoft.Compute/virtualMachines/extensions/type". You can try using in below format.

{ "field": "type", "equals": "Microsoft.Compute/virtualMachines" }, { "field": "Microsoft.Compute/virtualMachines/extensions/type", "equals": "ChangeTracking-Windows" }

You use property aliases to access specific properties for a resource type. Aliases enable you to restrict what values or conditions are allowed for a property on a resource. Each alias maps to paths in different API versions for a given resource type. During policy evaluation, the policy engine gets the property path for that API version. The list of aliases is always growing. To find what aliases are currently supported by Azure Policy, you can use below commands.

# Login first with Connect-AzAccount if not using Cloud Shell # Use Get-AzPolicyAlias to list available providers Get-AzPolicyAlias -ListAvailable # Use Get-AzPolicyAlias to list aliases for a Namespace (such as Azure Compute -- Microsoft.Compute) (Get-AzPolicyAlias -NamespaceMatch 'compute').Aliases

Peter Casey 20 Reputation points

2024-02-01T16:01:49.2533333+00:00

This is very helpful. Thank you.
Sign in to comment

Share via

Can i create an Azure Policy definition that checks which Virtual Machines have Inventory enabled

0 additional answers