Ensure windows diagnostic is enabled for Azure Windows Virtual Machine Scale Set

MEDIUM

Description

Windows Diagnostic is not enabled for Azure Windows Virtual Machine Scale Set, this may make audit challenging.

Remediation

In Terraform -

In the azurerm_windows_virtual_machine_scale_set resources, set IaaSDiagnostics to true. This field is case sensitive.
Create an extension block for the extension IaaSDiagnostics, which includes the publisher Microsoft.Azure.Diagnostics.
Set the type and type_handler_version.

References:
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/extensions-diagnostics
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine_scale_set#settings
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine_scale_set#extension

Policy Details

Rule Reference ID: AC_AZURE_0150

CSP: Azure

Remediation Available: No

Domain: Compliance Validation

Resource: azurerm_windows_virtual_machine_scale_set

Resource Category: Compute

Resource Type: Virtual Machine

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1