Share via

Azure policy to audit VM image on management group level

Akshay kg 1 Reputation point
2019-11-27T18:05:31.56+00:00

The problem is image id is defined with subiscription id so I need to re write all image IDs with different subscription IDs, when ever a new subscription is added we need to edit the policy to include that as well. Below is the example,

{
    "imageIds": {
        "value": [
             "/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL-SAP"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Database-Ee"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Linux"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-WebLogic-Server"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.1907191810"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.20190604"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3085.1907121547"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3144.1908092220"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3204.1909070001"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3274.1910061629"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180613"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180815"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180912",
                         "/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL-SAP"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Database-Ee"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Linux"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-WebLogic-Server"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.1907191810"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.20190604"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3085.1907121547"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3144.1908092220"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3204.1909070001"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3274.1910061629"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180613"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180815"
            ,"/Subscriptions/<>/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180912"       
]
    }
}

And to change above code to somthing like this.

{
        "imageIds": {
            "value": [
                 "*/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/redhat/ArtifactTypes/VMImage/Offers/RHEL-SAP"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Database-Ee"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-Linux"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/oracle/ArtifactTypes/VMImage/Offers/Oracle-WebLogic-Server"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.1907191810"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3025.20190604"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3085.1907121547"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3144.1908092220"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3204.1909070001"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.3274.1910061629"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180613"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180815"
                ,"*/Providers/Microsoft.Compute/Locations/eastus/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/2016.127.20180912",

    ]
        }
    }

This exact won't work it seems, is there any alternative?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
8,027 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. KarishmaTiwari-MSFT 20,212 Reputation points Microsoft Employee
    2019-11-27T22:51:05.31+00:00

    Currently, Azure policy has not been onboarded to Microsoft Q&A. It will be in next few months.
    Please post your question here in MSDN forum for Azure Management portal : https://social.msdn.microsoft.com/Forums/en-US/home?forum=windowsazuremanagement

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.