Ensure that your Microsoft Azure virtual machines (VMs) have only organization-approved extensions installed in order to follow your organization's security and compliance requirements. Azure virtual machine extensions are small cloud applications that provide post-deployment configuration and automation tasks for virtual machines. These extensions run with administrative privileges and could potentially access any configuration file or piece of data on a virtual machine. Prior to enabling this conformity rule, a list with the organization-approved software extensions must be defined within the rule settings, on your Cloud Conformity account dashboard.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
To adhere to security best practices and meet regulatory compliance, each organization needs to maintain authorized software by carefully evaluating Azure virtual machine (VM) extensions and ensuring that only those approved for use are actually implemented.
Audit
To determine if your Azure VMs have only approved extensions installed, perform the following actions:
Remediation / Resolution
To uninstall any unapproved software extensions running on your Microsoft Azure virtual machines, perform the following actions:
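One way to script this check with the Azure CLI commands `az vm list`, `az vm extension list` and `az vm extension delete` is sketched below. It is an added example, not Conformity's own procedure; the approved list, the function names and the sample rows are constructed, and it assumes approval is decided by extension name.

```shell
#!/usr/bin/env bash
# Added example (not Conformity's own procedure).
# APPROVED is a constructed sample; replace it with your organization's list.
APPROVED="AzureMonitorLinuxAgent
CustomScript"
TAB="$(printf '\t')"

# Emit "resource-group<TAB>vm<TAB>extension-name" for every VM in the subscription.
list_installed() {
  az vm list --query "[].[resourceGroup, name]" --output tsv |
  while IFS="$TAB" read -r rg vm; do
    # </dev/null keeps az from consuming the outer loop's input.
    az vm extension list --resource-group "$rg" --vm-name "$vm" \
        --query "[].name" --output tsv </dev/null |
    while read -r ext; do printf '%s\t%s\t%s\n' "$rg" "$vm" "$ext"; done
  done
}

# Keep only rows whose extension name is not an exact, whole-line match in
# APPROVED (so "CustomScriptExtension" is not covered by "CustomScript").
filter_unapproved() {
  while IFS="$TAB" read -r rg vm ext; do
    [ -n "$ext" ] || continue
    printf '%s\n' "$APPROVED" | grep -Fxq -- "$ext" ||
      printf '%s\t%s\t%s\n' "$rg" "$vm" "$ext"
  done
}

# Turn findings into removal commands that are printed for review, not executed.
print_delete_commands() {
  while IFS="$TAB" read -r rg vm ext; do
    printf "az vm extension delete --resource-group '%s' --vm-name '%s' --name '%s'\n" \
      "$rg" "$vm" "$ext"
  done
}

# Constructed sample rows so the script also runs without Azure access.
demo_input() {
  printf 'rg-prod\tweb01\tAzureMonitorLinuxAgent\n'
  printf 'rg-prod\tweb01\tCustomScriptExtension\n'
  printf 'rg-dev\tdb01\tCustomScript\n'
}

case "${1:-}" in
  --audit) list_installed | filter_unapproved ;;
  --plan)  list_installed | filter_unapproved | print_delete_commands ;;
  *)       demo_input | filter_unapproved | print_delete_commands ;;
esac
```

Run with `--audit` to list unapproved extensions per VM, or with `--plan` to print the matching `az vm extension delete` commands for review before anything is removed.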
References
- Azure Official Documentation
- Virtual machine extensions and features for Windows
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az vm list
- az vm extension
- az vm extension list
- az vm extension delete