Ensure that all the Azure virtual machine (VM) instances necessary for your application stack are launched from an approved base Azure machine image, known as golden machine image, in order to enforce application security best practices, consistency, and save time when scaling your application.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
An approved machine image is a custom virtual machine (VM) image that contains a pre-configured OS and a well-defined stack of server software, fully configured to run your application. Using approved (golden) machine images to launch new VM instances within your Azure cloud environment brings major benefits such as fast and stable application deployment and scaling, secure application stack upgrades, and versioning.
To determine if your virtual machine instances are being launched from an approved machine image, perform the following operations:
Remediation / Resolution
To meet security and compliance requirements within your organization and launch virtual machine instances from approved machine images only, re-create the required VM instances using the approved (golden) machine image by perform the following operations:
- Azure Official Documentation
- Network security groups
- Create a managed image of a generalized VM in Azure
- Create a VM from a managed image
- Find and use VM images in the Azure Marketplace with Azure PowerShell
- Tutorial: Create a custom image of an Azure VM with the Azure CLI
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Approved Azure Machine Image in Use
Risk level: Medium