Azure Virtual Machine Unapproved Extensions are installed
- Contextual name: Unapproved Extensions are installed
- ID: /ce/ca/azure/virtual-machine/uninstall-unapproved-extensions
- Located in: Azure Virtual Machines
Flags
- Impossible policy
- Policy with categories
- Policy with type
Our Metadata
- Policy Type: COMPLIANCE_POLICY
- Policy Category: SECURITY
Similar Policies
- Cloud Conformity
Description
For added security, only install organization-approved extensions on VMs.
Rationale
Azure virtual machine extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. These extensions run with administrative privileges and could potentially access anything on a virtual machine. The Azure Portal and community provide several such extensions. Each organization should carefully evaluate these extensions and ensure that only those that are approved for use are actually implemented.
Impact
Functionality provided by unsupported extensions will be disabled.
Audit
From Azure Portal
- Go to Virtual machines.
- For each virtual machine, click on the server name to select it.
- In the new column menu, under Settings, click on Extensions + applications.
- Ensure that all the listed extensions are approved by your organization for use.
From Azure CLI
Use the below command to list the extensions attached to a VM, and ensure the listed extensions are approved for use:
... see more
Remediation
From Azure Portal
- Go to Virtual machines.
- For each virtual machine, go to Settings.
- Click on Extensions + applications.
- If there are unapproved extensions, uninstall them.
From Azure CLI
From the audit command, identify the unapproved extensions, and use the below CLI command to remove an unapproved extension attached to a VM:
az vm extension delete --resource-group <resourceGroupName> --vm-name <vmName> --name <extensionName>
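An added example (not part of the original policy text): a dry-run script that compares the extension names installed on a VM against an allowlist and prints the delete command above for each unapproved one, so the plan can be reviewed before anything is removed. The allowlist contents and the function names are assumptions for illustration; the listing call is `az vm extension list`.

```shell
#!/bin/sh
# Added example: dry-run audit of VM extensions against an approved list.
# APPROVED_EXTENSIONS is a constructed sample; replace it with the names
# your organization has approved (one per line).
APPROVED_EXTENSIONS="AzureMonitorLinuxAgent
MDE.Linux"

# find_unapproved ALLOWLIST
# Reads extension names on stdin (one per line) and prints the ones that
# are not on the allowlist. Matching is whole-name and case-insensitive.
find_unapproved() {
    while IFS= read -r name; do
        name=$(printf '%s' "$name" | tr -d '\r')   # tolerate CRLF output
        [ -n "$name" ] || continue
        if ! printf '%s\n' "$1" | grep -Fxiq -- "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# plan_removals RESOURCE_GROUP VM_NAME ALLOWLIST
# Reads installed extension names on stdin and prints, without running it,
# one delete command per unapproved extension.
plan_removals() {
    find_unapproved "$3" | while IFS= read -r ext; do
        printf 'az vm extension delete --resource-group %s --vm-name %s --name %s\n' \
            "$1" "$2" "$ext"
    done
}

# audit_vm RESOURCE_GROUP VM_NAME
# Lists the extensions on one VM and feeds the names to plan_removals.
audit_vm() {
    az vm extension list --resource-group "$1" --vm-name "$2" \
        --query "[].name" --output tsv | plan_removals "$1" "$2" "$APPROVED_EXTENSIONS"
}

# Usage: sh audit-extensions.sh <resourceGroupName> <vmName>
if [ "$#" -eq 2 ]; then
    audit_vm "$1" "$2"
fi
```

An extension's name is chosen when it is installed, so confirm the publisher and type of anything that matches the allowlist by name before treating it as approved.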
From PowerShell
For each VM and each insecure extension from the Audit Procedure, run the following command:
Remove-AzVMExtension -ResourceGroupName <ResourceGroupName> -Name <ExtensionName> -VMName <VirtualMachineName>
policy.yaml
Linked Framework Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
CIS Azure v2.1.0 → 7.5 Ensure that Only Approved Extensions Are Installed - Level 1 (Manual) | 1 | |||
CIS Azure v3.0.0 → 8.7 Ensure that Only Approved Extensions Are Installed (Manual) | 1 | |||
Cloudaware Framework → Threat Protection | 25 |