feat: make Anti Malware Extension default for Win VMs (WAF Security a…
…lignment) (#4029)

## Description

If not overridden, the MS Defender extension will be installed by
default for Windows VMs.

## Pipeline Reference

Only one test fails due to capacity restrictions (nVidia)

| Pipeline |
| -------- |
|
[![avm.res.compute.virtual-machine](https://github.com/rahalan/bicep-registry-modules/actions/workflows/avm.res.compute.virtual-machine.yml/badge.svg?branch=users%2Frahalan%2FSecureVM)](https://github.com/rahalan/bicep-registry-modules/actions/workflows/avm.res.compute.virtual-machine.yml)
|

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [x] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [x] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation

## Checklist

- [x] I'm sure there are no other open Pull Requests for the same
update/change
- [x] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [x] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->
rahalan authored Dec 20, 2024
1 parent db19cdb commit 29f9f21
Showing 5 changed files with 65 additions and 99 deletions.
7 changes: 1 addition & 6 deletions avm/res/compute/virtual-machine/README.md
Expand Up @@ -5375,12 +5375,7 @@ The configuration for the [Anti Malware] extension. Must at least contain the ["

- Required: No
- Type: object
- Default:
```Bicep
{
enabled: false
}
```
- Default: `[if(equals(parameters('osType'), 'Windows'), createObject('enabled', true()), createObject('enabled', false()))]`

### Parameter: `extensionAzureDiskEncryptionConfig`

9 changes: 3 additions & 6 deletions avm/res/compute/virtual-machine/extension/main.json
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -121,10 +121,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
20 changes: 16 additions & 4 deletions avm/res/compute/virtual-machine/main.bicep
Expand Up @@ -160,9 +160,11 @@ param extensionAadJoinConfig object = {
}

@description('Optional. The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.')
param extensionAntiMalwareConfig object = {
enabled: false
}
param extensionAntiMalwareConfig object = osType == 'Windows'
? {
enabled: true
}
: { enabled: false }

@description('Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
param extensionMonitoringAgentConfig object = {
Expand Down Expand Up @@ -742,7 +744,17 @@ module vm_microsoftAntiMalwareExtension 'extension/main.bicep' = if (extensionAn
typeHandlerVersion: extensionAntiMalwareConfig.?typeHandlerVersion ?? '1.3'
autoUpgradeMinorVersion: extensionAntiMalwareConfig.?autoUpgradeMinorVersion ?? true
enableAutomaticUpgrade: extensionAntiMalwareConfig.?enableAutomaticUpgrade ?? false
settings: extensionAntiMalwareConfig.settings
settings: extensionAntiMalwareConfig.?settings ?? {
AntimalwareEnabled: 'true'
Exclusions: {}
RealtimeProtectionEnabled: 'true'
ScheduledScanSettings: {
day: '7'
isEnabled: 'true'
scanType: 'Quick'
time: '120'
}
}
supressFailures: extensionAntiMalwareConfig.?supressFailures ?? false
tags: extensionAntiMalwareConfig.?tags ?? tags
}
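Review bot: In the second hunk the `??` fallback on `settings` is all-or-nothing: a caller who passes `extensionAntiMalwareConfig.settings` with only `Exclusions` gets none of the new defaults, so `AntimalwareEnabled` and `RealtimeProtectionEnabled` are left to whatever the extension does with missing keys (not visible here). Consider holding the defaults in a `var` (name of your choice, say `defaultAntiMalwareSettings`) and merging, e.g. `settings: union(defaultAntiMalwareSettings, extensionAntiMalwareConfig.?settings ?? {})`, so a partial override keeps real-time protection and the scheduled scan. The `@description` above `extensionAntiMalwareConfig` in the first hunk still only says `enabled: true` is required; it should state that Windows VMs now get the extension by default, that `{ enabled: false }` opts out, and which scan schedule the defaults `day: '7'` / `time: '120'` select. The module declaration starts outside the hunk, so its `if (...)` condition could not be checked against a caller passing `enabled: true` for a non-Windows `osType`.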
126 changes: 44 additions & 82 deletions avm/res/compute/virtual-machine/main.json
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "8928644602939334563"
"version": "0.32.4.45862",
"templateHash": "18035592397318794838"
},
"name": "Virtual Machines",
"description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.",
Expand Down Expand Up @@ -648,9 +648,7 @@
},
"extensionAntiMalwareConfig": {
"type": "object",
"defaultValue": {
"enabled": false
},
"defaultValue": "[if(equals(parameters('osType'), 'Windows'), createObject('enabled', true()), createObject('enabled', false()))]",
"metadata": {
"description": "Optional. The configuration for the [Anti Malware] extension. Must at least contain the [\"enabled\": true] property to be executed."
}
Expand Down Expand Up @@ -1304,8 +1302,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "5147048658891642308"
"version": "0.32.4.45862",
"templateHash": "4332293246640728460"
}
},
"definitions": {
Expand Down Expand Up @@ -2908,8 +2906,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -3024,10 +3022,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -3123,8 +3118,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -3239,10 +3234,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -3318,7 +3310,7 @@
"value": "[coalesce(tryGet(parameters('extensionAntiMalwareConfig'), 'enableAutomaticUpgrade'), false())]"
},
"settings": {
"value": "[parameters('extensionAntiMalwareConfig').settings]"
"value": "[coalesce(tryGet(parameters('extensionAntiMalwareConfig'), 'settings'), createObject('AntimalwareEnabled', 'true', 'Exclusions', createObject(), 'RealtimeProtectionEnabled', 'true', 'ScheduledScanSettings', createObject('day', '7', 'isEnabled', 'true', 'scanType', 'Quick', 'time', '120')))]"
},
"supressFailures": {
"value": "[coalesce(tryGet(parameters('extensionAntiMalwareConfig'), 'supressFailures'), false())]"
Expand All @@ -3334,8 +3326,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -3450,10 +3442,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -3540,8 +3529,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -3656,10 +3645,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -3751,8 +3737,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -3867,10 +3853,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -3957,8 +3940,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -4073,10 +4056,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -4171,8 +4151,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -4287,10 +4267,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -4389,8 +4366,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -4505,10 +4482,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -4601,8 +4575,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -4717,10 +4691,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -4809,8 +4780,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -4925,10 +4896,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -5026,8 +4994,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -5142,10 +5110,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -5239,8 +5204,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "688718350646227538"
"version": "0.32.4.45862",
"templateHash": "12912200857967286939"
},
"name": "Virtual Machine Extensions",
"description": "This module deploys a Virtual Machine Extension.",
Expand Down Expand Up @@ -5355,10 +5320,7 @@
"settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
"protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
"suppressFailures": "[parameters('supressFailures')]"
},
"dependsOn": [
"virtualMachine"
]
}
}
},
"outputs": {
Expand Down Expand Up @@ -5438,8 +5400,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "17378339479808033328"
"version": "0.32.4.45862",
"templateHash": "8409556960090427141"
},
"name": "Recovery Service Vaults Protection Container Protected Item",
"description": "This module deploys a Recovery Services Vault Protection Container Protected Item.",