Ensure that your Microsoft Azure virtual machines (VMs) have only organization-approved extensions installed in order to follow your organization's security and compliance requirements. Azure virtual machine extensions are small cloud applications that provide post-deployment configuration and automation tasks for virtual machines. These extensions run with administrative privileges and could potentially access any configuration file or piece of data on a virtual machine. Prior to enabling this conformity rule, a list with the organization-approved software extensions must be defined within the rule settings, on your Cloud Conformity account dashboard.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
To adhere to security best practices and meet regulatory compliance, each organization needs to maintain authorized software by carefully evaluating Azure virtual machine (VM) extensions and ensuring that only those that are approved for use are actually implemented.
Audit
To determine if your Azure VMs have only approved extensions installed, perform the following actions:
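One way to run this check over saved `az vm extension list` output, as an added example that is not part of the original page or of the Cloud Conformity tool. It assumes an allowlist of (publisher, type) pairs and the JSON field names shown; the VM names and extension entries are constructed.

```python
import json

# Assumed allowlist format: (publisher, handler type) pairs, lower-cased.
APPROVED = {
    ("microsoft.azure.monitor", "azuremonitorlinuxagent"),
    ("microsoft.azure.extensions", "customscript"),
}

# Constructed inventory: VM name -> output of `az vm extension list -o json` for that VM.
SAMPLE = json.loads("""
{
  "web-01": [
    {"name": "AzureMonitorLinuxAgent", "publisher": "Microsoft.Azure.Monitor",
     "typePropertiesType": "AzureMonitorLinuxAgent"},
    {"name": "bootstrap", "publisher": "Microsoft.Azure.Extensions",
     "virtualMachineExtensionType": "CustomScript"}
  ],
  "db-01": [
    {"name": "AzureMonitorLinuxAgent", "publisher": "Contoso.Example",
     "typePropertiesType": "RemoteAdmin"},
    {"name": "legacy-agent", "publisher": "Microsoft.Azure.Monitor"}
  ]
}
""")


def handler_type(ext):
    # Assumption: the type appears under one of these two keys depending on CLI version.
    return ext.get("typePropertiesType") or ext.get("virtualMachineExtensionType") or ""


def unapproved(extensions, approved=APPROVED):
    """Return extensions whose (publisher, type) pair is not on the allowlist."""
    findings = []
    for ext in extensions:
        publisher, ext_type = ext.get("publisher") or "", handler_type(ext)
        # Match on publisher and type: the resource name is chosen at deployment
        # time, so an approved-looking name proves nothing. Missing fields fail closed.
        if (publisher.lower(), ext_type.lower()) not in approved:
            findings.append((ext.get("name"), publisher, ext_type))
    return findings


def audit(inventory, approved=APPROVED):
    """Map each non-compliant VM to its unapproved extensions."""
    report = {vm: unapproved(exts, approved) for vm, exts in inventory.items()}
    return {vm: bad for vm, bad in report.items() if bad}


if __name__ == "__main__":
    for vm, bad in audit(SAMPLE).items():
        for name, publisher, ext_type in bad:
            print(f"{vm}: unapproved extension {name!r} ({publisher or '?'}/{ext_type or '?'})")
```

In the sample, `db-01` is reported twice: once for an extension that reuses an approved name under a different publisher, and once for an entry with no type field.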
Remediation / Resolution
To uninstall any unapproved software extensions running on your Microsoft Azure virtual machines, perform the following actions:
You are auditing:
Install Approved Extensions Only
Risk level: High