Is there a policy for auditing whether 'Login with Azure AD' is enabled on a VM or not?

Z.K.Z 211 Reputation points

Hello community,

When creating a VM in Azure, under the 'Management' tab, I can choose 'Login with Azure AD'. 196922-image.png

Is there a policy where I can audit whether my VMs have this feature enabled or not? Or is there a policy to even enforce this box to be ticked when creating a VM? According to Microsoft Documentation under 'Using Azure Policy to ensure standards and assess compliance' it should be possible to at least audit but I haven't found any suitable built-in or custom policies yet. The only policies I found was to disable local users for windows or linux, therefore to only allow Azure AD Users. But I would like to keep a local user as an admnistrator. Therefore this policy is not suitable for my case.

Thanks in advance and best regards!

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,543 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
831 questions
0 comments No comments
{count} votes

Accepted answer
  1. Stanislav Zhelyazkov 22,101 Reputation points MVP

    There is not such policy out of the box but you can for example duplicate one of the built-in policies like: Log Analytics Extension should be enabled for listed virtual machine images and modify it for the AAD extension. Specifically you in that policy you can replace "equals": "Microsoft.EnterpriseCloud.Monitoring" with "equals": "Microsoft.Azure.ActiveDirectory" for Windows and "equals": "Microsoft.Azure.ActiveDirectory.LinuxSSH" for Linux.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful