Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
Loading resources...

Resource Type: Azure > Compute > Virtual Machine

The Virtual Machine (VM) resource type is a virtual machine image that can be used to create new instances within the Azure environment.

Resource Context

Virtual Machine is a part of the Compute service.

Each Virtual Machine lives under a Resource Group.

Controls

The primary controls for Azure > Compute > Virtual Machine are:

  • Active
  • Allowed
  • Approved
  • Boot Diagnostics
  • CMDB
  • Discovery
  • Extensions
  • Intelligent Assessment
  • Schedule
  • ServiceNow
  • Tags
  • Trusted Launch

It is also targeted by these controls:

  • Azure > CIS v1 > 7 Virtual Machines > 7.04 Ensure that only approved extensions are installed (Not Scored)
  • Azure > CIS v1 > 7 Virtual Machines > 7.05 Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored)
  • Azure > CIS v1 > 7 Virtual Machines > 7.06 Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored)
  • Azure > CIS v1.2 > 7 - Virtual Machines > 7.01 - Ensure Virtual Machines are utilizing Managed Disks (Scored)
  • Azure > CIS v1.2 > 7 - Virtual Machines > 7.04 - Ensure that only approved extensions are installed (Not Scored)
  • Azure > CIS v1.2 > 7 - Virtual Machines > 7.05 - Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored)
  • Azure > CIS v1.2 > 7 - Virtual Machines > 7.06 - Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed
  • Azure > CIS v3.0 > 08 - Virtual Machines > 08.02 - Ensure Virtual Machines are utilizing Managed Disks
  • Azure > CIS v3.0 > 08 - Virtual Machines > 08.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
  • Azure > CIS v3.0 > 08 - Virtual Machines > 08.05 - Ensure that 'Disk Network Access' is NOT set to 'Enable public access from all networks'
  • Azure > CIS v3.0 > 08 - Virtual Machines > 08.06 - Ensure that 'Enable Data Access Authentication Mode' is 'Checked'
  • Azure > CIS v3.0 > 08 - Virtual Machines > 08.07 - Ensure that Only Approved Extensions Are Installed
  • Azure > CIS v3.0 > 08 - Virtual Machines > 08.08 - Ensure that Endpoint Protection for all Virtual Machines is installed
  • Azure > CIS v3.0 > 08 - Virtual Machines > 08.10 - Ensure only MFA enabled identities can access privileged Virtual Machine
  • Azure > CIS v3.0 > 08 - Virtual Machines > 08.11 - Ensure Trusted Launch is enabled on Virtual Machines

Quick Actions

  • Delete
  • Delete from Azure
  • Router
  • Set Tags
  • Set Tags
  • Skip alarm for Active control
  • Skip alarm for Active control [90 days]
  • Skip alarm for Approved control
  • Skip alarm for Approved control [90 days]
  • Skip alarm for Tags control
  • Skip alarm for Tags control [90 days]
  • Start
  • Start Virtual Machine
  • Stop
  • Stop Virtual Machine
  • Update Boot Diagnostics
  • Update Guest Configuration
  • Update Trusted Luanch

Category

  • Compute

In Your Workspace

  • Controls by Resource Type report
  • Policy Settings by Resource Type report
  • Resources by Resource Type report

Developers

    Resource Type URI
    • tmod:@turbot/azure-compute#/resource/types/virtualMachine
    • Category URI
    • tmod:@turbot/turbot#/resource/categories/compute
    • GraphQL
    • query resource(id: "tmod:@turbot/azure-compute#/resource/types/virtualMachine") { … }
    • query resourceActivities(filter: "resourceId:'tmod:@turbot/azure-compute#/resource/types/virtualMachine'") { … }
    • mutation createResource(input: { … })
    • mutation updateResource(input: { … })
    • CLI
    • Get Resource
    • turbot graphql resource --id "tmod:@turbot/azure-compute#/resource/types/virtualMachine"
    • Steampipe Query
    • Get Resource
    • select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-compute#/resource/types/virtualMachine';
      • Get Policy Settings (By Resource ID)
    • select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-compute#/resource/types/virtualMachine"';
      • Get Resource Notification
    • select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-compute#/resource/types/virtualMachine' and notification_type in ('resource_updated', 'resource_created');
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
205
Resource Types
3,574
Policies
1,936
Controls
103
Quick Actions
114
IAM