question

Akshaykg-9372 avatar image
0 Votes"
Akshaykg-9372 asked ·

Azure policy to audit VM image on management group level

The problem is image id is defined with subiscription id so I need to re write all image IDs with different subscription IDs, when ever a new subscription is added we need to edit the policy to include that as well. Below is the example,


 {
     "imageIds": {
         "value": [
              "/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL-SAP"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Database-Ee"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Linux"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-WebLogic-Server"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.1907191810"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.20190604"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3085.1907121547"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3144.1908092220"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3204.1909070001"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3274.1910061629"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180613"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180815"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180912",
                          "/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL-SAP"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Database-Ee"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Linux"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-WebLogic-Server"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.1907191810"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.20190604"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3085.1907121547"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3144.1908092220"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3204.1909070001"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3274.1910061629"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180613"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180815"
             ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180912"         
 ]
     }
 }

And to change above code to somthing like this.

 {
         "imageIds": {
             "value": [
                  "*/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL-SAP"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Database-Ee"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Linux"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-WebLogic-Server"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.1907191810"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.20190604"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3085.1907121547"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3144.1908092220"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3204.1909070001"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3274.1910061629"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180613"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180815"
                 ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180912",
                             
     ]
         }
     }


This exact won't work it seems, is there any alternative?

azure-virtual-machinesazure-virtual-machines-monitoring
· 1
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

If the answer helped you, please 'approve as answer', so that it can help others in the community looking for help on similar question. Thanks. :)

0 Votes 0 ·

1 Answer

karishmatiwari-msft avatar image
1 Vote"
karishmatiwari-msft answered ·

Currently, Azure policy has not been onboarded to Microsoft Q&A. It will be in next few months.
Please post your question here in MSDN forum for Azure Management portal : https://social.msdn.microsoft.com/Forums/en-US/home?forum=windowsazuremanagement

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.