Ensure that your Microsoft Azure virtual machine scale sets are configured to receive instance termination notifications through the Azure Instance Metadata Service (IMDS) and have a predefined delay timeout configured for the "Terminate" operation (event). Termination notifications are delivered through Scheduled Events, an IMDS feature that announces upcoming platform actions to the instance and can also be used to delay impactful operations such as reboots and redeployments. The delay granted for a "Terminate" event is the delay limit ("notBeforeTimeout", between 5 and 15 minutes) specified in the VM scale set model configuration.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Once the Instance Termination Notifications feature is enabled, a scale set instance selected for deletion is not removed immediately: the platform publishes a "Terminate" event whose "NotBefore" time is derived from the configured delay timeout, and the instance keeps running until that time passes. The instance does not have to wait for the whole timeout to expire. After reading the "Terminate" event, it can finish draining connections or flushing state and then approve the event through the Scheduled Events endpoint, at which point it is deleted right away. If the instance never approves the event, deletion proceeds once the timeout expires.
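The instance-side half of that exchange, as an added example that is not part of the original page or of the Conformity rule: it reads the Scheduled Events document, filters the "Terminate" events that name this instance and are still "Scheduled", runs a caller-supplied drain hook, and builds the "StartRequests" approval that the platform expects in a POST to the same endpoint. The IMDS URLs and the "Metadata: true" header are Azure's documented interface; the instance names, event IDs and timestamps in SAMPLE_DOC are constructed so the logic can run offline.

```python
import json
import urllib.request

# Documented Azure Instance Metadata Service (IMDS) endpoints. The Scheduled Events
# document is fetched with GET and approved with a POST to the same URL.
SCHEDULED_EVENTS_URL = ("http://169.254.169.254/metadata/scheduledevents"
                        "?api-version=2020-07-01")
# Returns this instance's name, which is how the "Resources" list identifies it.
INSTANCE_NAME_URL = ("http://169.254.169.254/metadata/instance/compute/name"
                     "?api-version=2021-02-01&format=text")


def imds_request(url, body=None):
    """GET (or POST when a body is given) against IMDS; "Metadata: true" is required."""
    req = urllib.request.Request(url, data=body, headers={"Metadata": "true"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode()


def pending_terminate_events(doc, instance_name):
    """Terminate events that name this instance and have not been approved yet
    (approved events move from "Scheduled" to "Started")."""
    return [
        ev for ev in doc.get("Events", [])
        if ev.get("EventType") == "Terminate"
        and ev.get("EventStatus") == "Scheduled"
        and instance_name in ev.get("Resources", [])
    ]


def approval_body(events):
    """POST body that tells the platform it may proceed before NotBefore elapses."""
    return {"StartRequests": [{"EventId": ev["EventId"]} for ev in events]}


def handle_terminate(doc, instance_name, drain):
    """Run the caller's drain hook for every pending Terminate event and return the
    approval body to send, or None when nothing is pending for this instance."""
    events = pending_terminate_events(doc, instance_name)
    if not events:
        return None
    for ev in events:
        drain(ev)  # e.g. deregister from the load balancer, flush buffers to storage
    return approval_body(events)


def poll_once(drain):
    """One live poll: read the document, drain, and approve if needed (needs IMDS)."""
    doc = json.loads(imds_request(SCHEDULED_EVENTS_URL))
    name = imds_request(INSTANCE_NAME_URL)
    body = handle_terminate(doc, name, drain)
    if body is not None:
        imds_request(SCHEDULED_EVENTS_URL, json.dumps(body).encode())
    return body


# Constructed sample document in the shape IMDS returns; IDs, names and times are made up.
SAMPLE_DOC = {
    "DocumentIncarnation": 7,
    "Events": [
        {"EventId": "7a1c2e40-5b6f-4e2a-9c3d-0f1e2d3c4b5a", "EventType": "Terminate",
         "ResourceType": "VirtualMachine", "Resources": ["web-vmss_3"],
         "EventStatus": "Scheduled", "NotBefore": "Mon, 04 Mar 2024 10:05:00 GMT",
         "Description": "", "EventSource": "Platform", "DurationInSeconds": -1},
        {"EventId": "1b2c3d4e-5f60-4718-8a9b-c0d1e2f3a4b5", "EventType": "Reboot",
         "ResourceType": "VirtualMachine", "Resources": ["web-vmss_3"],
         "EventStatus": "Scheduled", "NotBefore": "Mon, 04 Mar 2024 10:15:00 GMT",
         "Description": "Host maintenance", "EventSource": "Platform",
         "DurationInSeconds": 300},
        {"EventId": "9e8d7c6b-5a4f-4e3d-8c2b-1a0f9e8d7c6b", "EventType": "Terminate",
         "ResourceType": "VirtualMachine", "Resources": ["web-vmss_5"],
         "EventStatus": "Started", "NotBefore": "Mon, 04 Mar 2024 10:05:00 GMT",
         "Description": "", "EventSource": "Platform", "DurationInSeconds": -1},
    ],
}

if __name__ == "__main__":
    # Offline demonstration on the constructed document; on a real instance call
    # poll_once(drain) from a loop or a systemd timer instead.
    print(handle_terminate(SAMPLE_DOC, "web-vmss_3",
                           lambda ev: print("draining before", ev["EventId"])))
```

The filter on "EventStatus" matters: once the approval is accepted the event is reported as "Started" until the instance disappears, and re-draining on every poll would be wasted work. The Reboot event is left alone on purpose; this rule is only about "Terminate".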
To determine if instance termination notifications are enabled for your Azure virtual machine scale sets, perform the following actions:

Note: Verifying Instance Termination Notifications feature status for your virtual machine scale sets using the Azure Portal is not currently supported.
Remediation / Resolution
To enable VM instance termination notifications for your Microsoft Azure virtual machine scale sets, perform the following actions:

Note: Enabling instance termination notifications for your virtual machine scale sets using the Azure Portal is not currently supported.
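The audit and remediation steps above are not reproduced on this page. The following check is an added example, not Conformity's own rule logic: it evaluates the scale set model that `az vmss show` prints, requiring `terminateNotificationProfile.enable` to be true and `notBeforeTimeout` to be an ISO 8601 duration between PT5M and PT15M, and it records the `az vmss update` command used to remediate. The scale set names and model fragments are constructed; the `az` commands in the comments are the standard CLI forms and are not executed here.

```python
import re

# notBeforeTimeout is an ISO 8601 duration; Azure accepts 5 to 15 minutes (PT5M..PT15M).
_DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")
MIN_SECONDS, MAX_SECONDS = 5 * 60, 15 * 60


def duration_seconds(value):
    """Seconds in a PT..H..M..S duration, or None when the value is missing or malformed."""
    m = _DURATION.match(value or "")
    if not m or not any(m.groups()):
        return None
    hours, minutes, seconds = (int(g) if g else 0 for g in m.groups())
    return hours * 3600 + minutes * 60 + seconds


def evaluate_vmss(model):
    """Return (compliant, findings) for one scale set model as `az vmss show` prints it.
    A null scheduledEventsProfile means the feature was never configured."""
    findings = []
    profile = (model.get("virtualMachineProfile") or {}).get("scheduledEventsProfile") or {}
    terminate = profile.get("terminateNotificationProfile") or {}
    if terminate.get("enable") is not True:
        findings.append("terminateNotificationProfile.enable is not true")
    seconds = duration_seconds(terminate.get("notBeforeTimeout"))
    if seconds is None:
        findings.append("notBeforeTimeout is missing or not an ISO 8601 duration")
    elif not MIN_SECONDS <= seconds <= MAX_SECONDS:
        findings.append(f"notBeforeTimeout {terminate['notBeforeTimeout']} is outside PT5M..PT15M")
    return (not findings, findings)


def evaluate_all(models):
    """Map scale set name to findings for every non-compliant model in the list."""
    report = {}
    for model in models:
        compliant, findings = evaluate_vmss(model)
        if not compliant:
            report[model["name"]] = findings
    return report


# Live audit (not run here): dump each model and feed it to evaluate_vmss().
#   az vmss list --query "[].{rg:resourceGroup,name:name}" -o tsv
#   az vmss show -g <rg> -n <name> -o json > model.json
#   evaluate_vmss(json.load(open("model.json")))
#
# Remediation with the documented CLI form. It changes the model only; instances
# created before the change pick it up after `az vmss update-instances --instance-ids '*'`
# unless the upgrade policy is Automatic.
#   az vmss update -g <rg> -n <name> --set \
#     virtualMachineProfile.scheduledEventsProfile.terminateNotificationProfile.enable=true \
#     virtualMachineProfile.scheduledEventsProfile.terminateNotificationProfile.notBeforeTimeout=PT5M

# Constructed models (names and values made up), trimmed to the fields that matter.
COMPLIANT = {"name": "web-vmss", "virtualMachineProfile": {"scheduledEventsProfile": {
    "terminateNotificationProfile": {"enable": True, "notBeforeTimeout": "PT10M"}}}}
NEVER_SET = {"name": "batch-vmss", "virtualMachineProfile": {"scheduledEventsProfile": None}}
DISABLED = {"name": "api-vmss", "virtualMachineProfile": {"scheduledEventsProfile": {
    "terminateNotificationProfile": {"enable": False, "notBeforeTimeout": "PT5M"}}}}
# A value ARM would reject; still worth catching in templates before deployment.
OUT_OF_RANGE = {"name": "cache-vmss", "virtualMachineProfile": {"scheduledEventsProfile": {
    "terminateNotificationProfile": {"enable": True, "notBeforeTimeout": "PT20M"}}}}

if __name__ == "__main__":
    for name, findings in evaluate_all([COMPLIANT, NEVER_SET, DISABLED, OUT_OF_RANGE]).items():
        print(name, "->", "; ".join(findings))
```

The same keys appear under `properties.virtualMachineProfile.scheduledEventsProfile` in an ARM template or Bicep file, so the check can be pointed at infrastructure-as-code before anything is deployed, which is where the out-of-range case is most likely to surface.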
Enable Instance Termination Notifications for Virtual Machine Scale Sets
Risk level: Medium