Ensure extensions are not installed on Azure Windows Virtual Machine

MEDIUM

Description

Extensions installed on an Azure Windows Virtual Machine may make the virtual machine vulnerable.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Virtual Machines.
  2. Choose the Virtual Machine you wish to edit.
  3. Under Settings, select Extensions + applications.
  4. Select the extension and choose Uninstall.

In Terraform -

  1. In the azurerm_windows_virtual_machine resource, set allow_extension_operations to false.
  2. Set provision_vm_agent to false.
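
To check the Terraform remediation before apply, the following added example (not part of the original policy page or the scanner's own code) walks the JSON produced by `terraform show -json` and lists Windows VMs where either attribute is not false. The function names and the sample plan are constructed for illustration; a missing attribute is treated as the azurerm provider default of true.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_windows_virtual_machine"
# Attributes the remediation sets to false; both default to true in the azurerm provider.
REQUIRED_FALSE = ("allow_extension_operations", "provision_vm_agent")

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_violations(plan):
    """Return {address: [attributes not set to false]} for Windows VMs in the plan."""
    root = plan.get("planned_values", {}).get("root_module", {})
    violations = {}
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        values = res.get("values") or {}
        # A missing or null attribute is treated as the provider default (true).
        bad = [attr for attr in REQUIRED_FALSE if values.get(attr) is not False]
        if bad:
            violations[res["address"]] = bad
    return violations

# Constructed sample, trimmed to the fields the check reads.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_windows_virtual_machine.hardened", "type": RESOURCE_TYPE,
         "values": {"allow_extension_operations": False, "provision_vm_agent": False}},
        {"address": "azurerm_windows_virtual_machine.default", "type": RESOURCE_TYPE,
         "values": {"name": "vm-default"}},
        {"address": "azurerm_linux_virtual_machine.other",
         "type": "azurerm_linux_virtual_machine",
         "values": {"allow_extension_operations": True}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.app.azurerm_windows_virtual_machine.web", "type": RESOURCE_TYPE,
         "values": {"allow_extension_operations": False, "provision_vm_agent": True}},
    ]}],
}}}

if __name__ == "__main__":
    # Pass a file written by `terraform show -json <planfile>`, or run with no argument.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, attrs in find_violations(plan).items():
        print(f"{address}: must be false -> {', '.join(attrs)}")
```
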

References:
https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/overview
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine#allow_extension_operations

Policy Details

Rule Reference ID: AC_AZURE_0304
CSP: Azure
Remediation Available: Yes
Resource Category: Compute
Resource Type: Virtual Machine

Frameworks