Resource Type: Azure > Compute > Virtual Machine

Resource Context

Virtual Machine is a part of the Compute service.

Each Virtual Machine lives under a Resource Group.

Controls

The primary controls for Azure > Compute > Virtual Machine are:

• Active
• Approved
• CMDB
• Discovery
• Schedule
• ServiceNow
• Tags
• Trusted Launch

It is also targeted by these controls:

• Azure > CIS v1 > 7 Virtual Machines > 7.04 Ensure that only approved extensions are installed (Not Scored)
• Azure > CIS v1 > 7 Virtual Machines > 7.05 Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored)
• Azure > CIS v1 > 7 Virtual Machines > 7.06 Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored)
• Azure > CIS v1.2 > 7 - Virtual Machines > 7.01 - Ensure Virtual Machines are utilizing Managed Disks (Scored)
• Azure > CIS v1.2 > 7 - Virtual Machines > 7.04 - Ensure that only approved extensions are installed (Not Scored)
• Azure > CIS v1.2 > 7 - Virtual Machines > 7.05 - Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored)
• Azure > CIS v1.2 > 7 - Virtual Machines > 7.06 - Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored)
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed

Quick Actions

• Delete from Azure
• Set Tags
• Skip alarm for Active control
• Skip alarm for Active control [90 days]
• Skip alarm for Approved control
• Skip alarm for Approved control [90 days]
• Skip alarm for Tags control
• Skip alarm for Tags control [90 days]
• Start Virtual Machine
• Stop Virtual Machine

Category

• Compute

In Your Workspace

• Controls by Resource Type report
• Policy Settings by Resource Type report
• Resources by Resource Type report

Developers

Resource Type URI

tmod:@turbot/azure-compute#/resource/types/virtualMachine

Category URI

tmod:@turbot/turbot#/resource/categories/compute

GraphQL

query resource(id: "tmod:@turbot/azure-compute#/resource/types/virtualMachine") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/azure-compute#/resource/types/virtualMachine'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/azure-compute#/resource/types/virtualMachine"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-compute#/resource/types/virtualMachine';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-compute#/resource/types/virtualMachine"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-compute#/resource/types/virtualMachine' and notification_type in ('resource_updated', 'resource_created');