azure-policy

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Azure Policy Skill

This skill provides expert guidance for Azure Policy. Covers troubleshooting, best practices, decision making, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.

本技能为Azure Policy提供专业指导，涵盖故障排除、最佳实践、决策制定、安全、配置、集成与编码模式，以及部署。它结合了本地快速参考内容和远程文档获取功能。

How to Use This Skill

如何使用本技能

IMPORTANT for Agent: Use the Category Index below to locate relevant sections. For categories with line ranges (e.g.,
L35-L120
), use
read_file
with the specified lines. For categories with file links (e.g.,
[security.md](security.md)
), use
read_file
on the linked reference file

IMPORTANT for Agent: If
metadata.generated_at
is more than 3 months old, suggest the user pull the latest version from the repository. If
mcp_microsoftdocs
tools are not available, suggest the user install it: Installation Guide

This skill requires network access to fetch documentation content:

Preferred: Use

mcp_microsoftdocs:microsoft_docs_fetch

with query string

from=learn-agent-skill

. Returns Markdown.

Fallback: Use

fetch_webpage

with query string

from=learn-agent-skill&accept=text/markdown

. Returns Markdown.

对Agent的重要提示：使用下方的分类索引查找相关章节。对于带有行范围的分类（例如
L35-L120
），使用
read_file
读取指定行内容。对于带有文件链接的分类（例如
[security.md](security.md)
），使用
read_file
读取链接的参考文件。

对Agent的重要提示：如果
metadata.generated_at
的时间超过3个月，建议用户从仓库拉取最新版本。如果
mcp_microsoftdocs
工具不可用，建议用户安装该工具：安装指南

本技能需要网络访问权限以获取文档内容：

首选方式：使用
```
mcp_microsoftdocs:microsoft_docs_fetch
```
，并携带查询字符串
```
from=learn-agent-skill
```
，返回Markdown格式内容。
备选方式：使用
```
fetch_webpage
```
，并携带查询字符串
```
from=learn-agent-skill&accept=text/markdown
```
，返回Markdown格式内容。

Category Index

分类索引

Category	Lines	Description
Troubleshooting	L35-L41	Diagnosing and fixing Azure Policy non-compliance, common policy evaluation/deployment errors, and Machine Configuration deployment and remediation issues.
Best Practices	L42-L57	Designing effective Azure Policy definitions: effects, logical/value operators, arrays, tags, initiatives, parameters, and testing/behavior of Machine/Guest Configuration.
Decision Making	L58-L64	Guidance for planning migrations from Azure Automation DSC, DSC extension, and Automanage Best Practices to Azure Policy/Machine Configuration, including mapping features and migration steps.
Security	L65-L125	Using Azure Policy and Machine Configuration for security baselines and mapping to compliance frameworks (CIS, NIST, ISO, PCI, FedRAMP, HIPAA, regional regs) across Azure and Azure Government.
Configuration	L126-L141	Authoring, assigning, storing, and securing Machine Configuration (guest configuration) packages and policies, plus prerequisites, networking, remediation, and compliance result analysis.
Integrations & Coding Patterns	L142-L147	Using Azure Resource Graph to query Azure Policy compliance data and guest configuration state across resources for reporting, auditing, and large-scale policy analysis
Deployment	L148-L157	How to deploy and assign Machine Configuration packages via ARM/Bicep/Terraform/REST, publish packages to storage, and use safe deployment practices with Azure Policy.

分类	行范围	描述
故障排除	L35-L41	诊断并修复Azure Policy不合规问题、常见策略评估/部署错误，以及Machine Configuration部署和修正问题。
最佳实践	L42-L57	设计有效的Azure Policy定义：效果、逻辑/值运算符、数组、标签、计划、参数，以及Machine/Guest Configuration的测试与行为。
决策制定	L58-L64	指导从Azure Automation DSC、DSC扩展和Automanage最佳实践迁移到Azure Policy/Machine Configuration的规划，包括功能映射和迁移步骤。
安全	L65-L125	使用Azure Policy和Machine Configuration实现安全基线，并映射到Azure和Azure Government中的合规框架（CIS、NIST、ISO、PCI、FedRAMP、HIPAA及区域法规）。
配置	L126-L141	编写、分配、存储和保护Machine Configuration（来宾配置）包与策略，以及先决条件配置、网络设置、修正操作和合规结果分析。
集成与编码模式	L142-L147	使用Azure Resource Graph查询Azure Policy合规数据和跨资源的来宾配置状态，用于报告、审计和大规模策略分析。
部署	L148-L157	如何通过ARM/Bicep/Terraform/REST部署和分配Machine Configuration包，将包发布到存储服务，以及在Azure Policy中使用安全部署实践。

Troubleshooting

故障排除

Topic	URL
Troubleshoot Azure Machine Configuration deployments	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview/04-operations-troubleshooting
Diagnose causes of Azure Policy non-compliance	https://learn.microsoft.com/en-us/azure/governance/policy/how-to/determine-non-compliance
Troubleshoot common Azure Policy errors and issues	https://learn.microsoft.com/en-us/azure/governance/policy/troubleshoot/general

主题	链接
排查Azure Machine Configuration部署问题	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview/04-operations-troubleshooting
诊断Azure Policy不合规的原因	https://learn.microsoft.com/en-us/azure/governance/policy/how-to/determine-non-compliance
排查常见Azure Policy错误和问题	https://learn.microsoft.com/en-us/azure/governance/policy/troubleshoot/general

Best Practices

最佳实践

Topic	URL
Test Machine Configuration packages with GuestConfiguration tools	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/3-test-package
Understand PSDSC behavior changes in Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/whats-new/psdsc-in-machine-configuration
Author Azure Policy rules for array properties	https://learn.microsoft.com/en-us/azure/governance/policy/how-to/author-policies-for-arrays
Count array members with Azure Policy count operator	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-count-operator
Deploy resources using deployIfNotExists policies	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-deploy-resources
Choose and configure Azure Policy effects	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-effect-details
Apply field properties correctly in Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-fields
Group Azure Policy definitions into initiatives	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-group-with-initiative
Use logical operators effectively in Azure Policy rules	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-logical-operators
Parameterize Azure Policy definitions for reuse	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-parameters
Enforce and inherit tags using Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-tags
Use the value operator safely in Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-value-operator

主题	链接
使用GuestConfiguration工具测试Machine Configuration包	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/3-test-package
了解Machine Configuration中PSDSC的行为变化	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/whats-new/psdsc-in-machine-configuration
为数组属性编写Azure Policy规则	https://learn.microsoft.com/en-us/azure/governance/policy/how-to/author-policies-for-arrays
使用Azure Policy count运算符统计数组成员	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-count-operator
使用deployIfNotExists策略部署资源	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-deploy-resources
选择并配置Azure Policy效果	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-effect-details
在Azure Policy中正确应用字段属性	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-fields
将Azure Policy定义分组为计划	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-group-with-initiative
在Azure Policy规则中有效使用逻辑运算符	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-logical-operators
为Azure Policy定义添加参数以实现复用	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-parameters
使用Azure Policy强制实施和继承标签	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-tags
在Azure Policy中安全使用value运算符	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-value-operator

Decision Making

决策制定

Topic	URL
Plan migration from Azure Automation DSC to Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/whats-new/migrating-from-azure-automation
Plan migration from DSC extension to Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/whats-new/migrating-from-dsc-extension
Plan migration from Automanage Best Practices to Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/how-to/migrate-from-automanage-best-practices

主题	链接
规划从Azure Automation DSC迁移到Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/whats-new/migrating-from-azure-automation
规划从DSC扩展迁移到Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/whats-new/migrating-from-dsc-extension
规划从Automanage最佳实践迁移到Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/how-to/migrate-from-automanage-best-practices

Security

安全

Topic	URL
Deploy Machine Configuration security baseline policies	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-security-baselines/deploy-a-baseline-policy-assignment
Customize Machine Configuration security baseline parameters	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-security-baselines/specify-custom-parameters-for-baseline-policy
Author JSON parameters for Machine Configuration baselines	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-security-baselines/understand-baseline-settings-parameter
Sign Machine Configuration packages and enforce signed content	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/6-sign-package
Map Azure Policy to Australian ISM PROTECTED controls	https://learn.microsoft.com/en-us/azure/governance/policy/samples/australia-ism
Apply Microsoft cloud security benchmark via Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/azure-security-benchmark
Use Azure Policy for Canada Federal PBMM compliance	https://learn.microsoft.com/en-us/azure/governance/policy/samples/canada-federal-pbmm
Align Azure Policy with CIS Azure Benchmark 1.1.0	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-1-0
Align Azure Policy with CIS Azure Benchmark 1.3.0	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-3-0
Align Azure Policy with CIS Azure Benchmark 1.4.0	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-4-0
Implement CIS Azure Benchmark 2.0.0 with Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-2-0-0
Use CIS benchmarks for AlmaLinux via Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/alma-ado
Use CIS benchmarks for Debian via Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/debian-ado
Use CIS benchmarks for Oracle Linux via Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/oracle-ado
Use CIS benchmarks for RHEL via Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/rhel-ado
Use CIS benchmarks for Rocky Linux via Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/rocky-ado
Use CIS benchmarks for SUSE Linux via Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/suse-ado
Use CIS benchmarks for Ubuntu via Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/ubuntu-ado
Use Azure Policy to meet CMMC Level 3 controls	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cmmc-l3
Map Azure Policy to FedRAMP High requirements	https://learn.microsoft.com/en-us/azure/governance/policy/samples/fedramp-high
Map Azure Policy to FedRAMP Moderate requirements	https://learn.microsoft.com/en-us/azure/governance/policy/samples/fedramp-moderate
Map Microsoft cloud security benchmark to Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-azure-security-benchmark
Align Azure Policy with CIS Azure Benchmark 1.1.0 (Gov)	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-cis-azure-1-1-0
Map CIS Azure 1.3.0 controls to Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-cis-azure-1-3-0
Use Azure Policy for CMMC Level 3 compliance	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-cmmc-l3
Align Azure Government with FedRAMP High via Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-fedramp-high
Align Azure Government with FedRAMP Moderate via Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-fedramp-moderate
Implement IRS 1075 2016 controls with Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-irs-1075-sept2016
Use Azure Policy for ISO 27001:2013 compliance	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-iso-27001
Use Azure Policy for NIST SP 800-171 R2	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-171-r2
Implement NIST SP 800-53 R4 with Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-53-r4
Implement NIST SP 800-53 R5 with Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-53-r5
Support SOC 2 compliance in Azure Government with Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-soc-2
Apply CIS Linux security baselines via Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-cis-linux
Apply Docker security baseline via guest configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-docker
Apply Linux security baseline via guest configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-linux
Apply Windows Server security baseline via guest configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-windows
Apply Windows Server 2025 security baseline via guest configuration	https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-windows-server-2025
Implement HIPAA HITRUST controls using Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/hipaa-hitrust
Use Azure Policy for IRS 1075 (2016) compliance	https://learn.microsoft.com/en-us/azure/governance/policy/samples/irs-1075-sept2016
Align Azure Policy with ISO 27001:2013 controls	https://learn.microsoft.com/en-us/azure/governance/policy/samples/iso-27001
Use Azure Policy for Sovereignty Baseline Confidential compliance	https://learn.microsoft.com/en-us/azure/governance/policy/samples/mcfs-baseline-confidential
Use Azure Policy for Sovereignty Baseline Global compliance	https://learn.microsoft.com/en-us/azure/governance/policy/samples/mcfs-baseline-global
Use Azure Policy to meet NIST SP 800-171 R2	https://learn.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-171-r2
Implement NIST SP 800-53 Rev. 4 with Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-53-r4
Implement NIST SP 800-53 Rev. 5 with Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-53-r5
Map Azure Policy to NL BIO Cloud Theme controls	https://learn.microsoft.com/en-us/azure/governance/policy/samples/nl-bio-cloud-theme
Implement PCI DSS 3.2.1 controls with Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pci-dss-3-2-1
Implement PCI DSS v4.0 controls with Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pci-dss-4-0
Use Azure Policy for RBI IT Framework for Banks	https://learn.microsoft.com/en-us/azure/governance/policy/samples/rbi-itf-banks-2016
Use Azure Policy for RBI IT Framework for NBFC	https://learn.microsoft.com/en-us/azure/governance/policy/samples/rbi-itf-nbfc-2017
Map Azure Policy to RMIT Malaysia compliance controls	https://learn.microsoft.com/en-us/azure/governance/policy/samples/rmit-malaysia
Implement SOC 2 controls using Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/soc-2
Use Azure Policy for Spain ENS regulatory compliance	https://learn.microsoft.com/en-us/azure/governance/policy/samples/spain-ens
Map Azure Policy to SWIFT CSP-CSCF v2021 controls	https://learn.microsoft.com/en-us/azure/governance/policy/samples/swift-csp-cscf-2021
Map Azure Policy to SWIFT CSP-CSCF v2022 controls	https://learn.microsoft.com/en-us/azure/governance/policy/samples/swift-csp-cscf-2022
Use Azure Policy for UK OFFICIAL and NHS compliance	https://learn.microsoft.com/en-us/azure/governance/policy/samples/ukofficial-uknhs

主题	链接
部署Machine Configuration安全基线策略	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-security-baselines/deploy-a-baseline-policy-assignment
自定义Machine Configuration安全基线参数	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-security-baselines/specify-custom-parameters-for-baseline-policy
为Machine Configuration基线编写JSON参数	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-security-baselines/understand-baseline-settings-parameter
对Machine Configuration包进行签名并强制使用已签名内容	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/6-sign-package
将Azure Policy映射到澳大利亚ISM PROTECTED控制项	https://learn.microsoft.com/en-us/azure/governance/policy/samples/australia-ism
通过Azure Policy应用Microsoft云安全基准	https://learn.microsoft.com/en-us/azure/governance/policy/samples/azure-security-benchmark
使用Azure Policy满足加拿大联邦PBMM合规要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/canada-federal-pbmm
使Azure Policy与CIS Azure Benchmark 1.1.0保持一致	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-1-0
使Azure Policy与CIS Azure Benchmark 1.3.0保持一致	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-3-0
使Azure Policy与CIS Azure Benchmark 1.4.0保持一致	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-4-0
使用Azure Policy实施CIS Azure Benchmark 2.0.0	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-2-0-0
通过Machine Configuration为AlmaLinux使用CIS基准	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/alma-ado
通过Machine Configuration为Debian使用CIS基准	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/debian-ado
通过Machine Configuration为Oracle Linux使用CIS基准	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/oracle-ado
通过Machine Configuration为RHEL使用CIS基准	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/rhel-ado
通过Machine Configuration为Rocky Linux使用CIS基准	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/rocky-ado
通过Machine Configuration为SUSE Linux使用CIS基准	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/suse-ado
通过Machine Configuration为Ubuntu使用CIS基准	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/ubuntu-ado
使用Azure Policy满足CMMC Level 3控制要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/cmmc-l3
将Azure Policy映射到FedRAMP High要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/fedramp-high
将Azure Policy映射到FedRAMP Moderate要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/fedramp-moderate
将Microsoft云安全基准映射到Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-azure-security-benchmark
使Azure Policy与CIS Azure Benchmark 1.1.0（政府版）保持一致	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-cis-azure-1-1-0
将CIS Azure 1.3.0控制项映射到Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-cis-azure-1-3-0
使用Azure Policy满足CMMC Level 3合规要求（政府版）	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-cmmc-l3
通过Policy使Azure Government符合FedRAMP High要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-fedramp-high
通过Policy使Azure Government符合FedRAMP Moderate要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-fedramp-moderate
使用Azure Policy实施IRS 1075 2016控制项（政府版）	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-irs-1075-sept2016
使用Azure Policy满足ISO 27001:2013合规要求（政府版）	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-iso-27001
使用Azure Policy满足NIST SP 800-171 R2要求（政府版）	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-171-r2
使用Azure Policy实施NIST SP 800-53 R4（政府版）	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-53-r4
使用Azure Policy实施NIST SP 800-53 R5（政府版）	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-53-r5
通过Policy在Azure Government中支持SOC 2合规	https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-soc-2
通过Machine Configuration应用CIS Linux安全基线	https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-cis-linux
通过来宾配置应用Docker安全基线	https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-docker
通过来宾配置应用Linux安全基线	https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-linux
通过来宾配置应用Windows Server安全基线	https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-windows
通过来宾配置应用Windows Server 2025安全基线	https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-windows-server-2025
使用Azure Policy实施HIPAA HITRUST控制项	https://learn.microsoft.com/en-us/azure/governance/policy/samples/hipaa-hitrust
使用Azure Policy满足IRS 1075 (2016)合规要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/irs-1075-sept2016
使Azure Policy与ISO 27001:2013控制项保持一致	https://learn.microsoft.com/en-us/azure/governance/policy/samples/iso-27001
使用Azure Policy满足主权基线机密级合规要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/mcfs-baseline-confidential
使用Azure Policy满足主权基线全球级合规要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/mcfs-baseline-global
使用Azure Policy满足NIST SP 800-171 R2要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-171-r2
使用Azure Policy实施NIST SP 800-53 Rev. 4	https://learn.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-53-r4
使用Azure Policy实施NIST SP 800-53 Rev. 5	https://learn.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-53-r5
将Azure Policy映射到NL BIO Cloud Theme控制项	https://learn.microsoft.com/en-us/azure/governance/policy/samples/nl-bio-cloud-theme
使用Azure Policy实施PCI DSS 3.2.1控制项	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pci-dss-3-2-1
使用Azure Policy实施PCI DSS v4.0控制项	https://learn.microsoft.com/en-us/azure/governance/policy/samples/pci-dss-4-0
使用Azure Policy满足银行RBI IT框架要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/rbi-itf-banks-2016
使用Azure Policy满足NBFC RBI IT框架要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/rbi-itf-nbfc-2017
将Azure Policy映射到RMIT马来西亚合规控制项	https://learn.microsoft.com/en-us/azure/governance/policy/samples/rmit-malaysia
使用Azure Policy实施SOC 2控制项	https://learn.microsoft.com/en-us/azure/governance/policy/samples/soc-2
使用Azure Policy满足西班牙ENS法规合规要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/spain-ens
将Azure Policy映射到SWIFT CSP-CSCF v2021控制项	https://learn.microsoft.com/en-us/azure/governance/policy/samples/swift-csp-cscf-2021
将Azure Policy映射到SWIFT CSP-CSCF v2022控制项	https://learn.microsoft.com/en-us/azure/governance/policy/samples/swift-csp-cscf-2022
使用Azure Policy满足英国OFFICIAL和NHS合规要求	https://learn.microsoft.com/en-us/azure/governance/policy/samples/ukofficial-uknhs

Configuration

配置

Topic	URL
Understand Machine Configuration assignment resources and metadata	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/concepts/assignments
Configure remediation options for Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/concepts/remediation-options
Assign built-in Machine Configuration policies	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-built-in-policies
Create custom Machine Configuration policy definitions	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/create-policy-definition
Install GuestConfiguration authoring module for Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/1-set-up-authoring-environment
Create custom Machine Configuration package artifacts	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/2-create-package
Configure access to Machine Configuration packages in Azure Storage	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/5-access-package
Develop custom Machine Configuration packages	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/overview
View and analyze Machine Configuration compliance results	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/view-compliance
Configure prerequisites for Azure Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview/02-setup-prerequisites
Configure network and endpoints for Machine Configuration	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview/03-network-requirements
Use built-in guest configuration packages in Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-packages

主题	链接
了解Machine Configuration分配资源和元数据	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/concepts/assignments
配置Machine Configuration的修正选项	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/concepts/remediation-options
分配内置Machine Configuration策略	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-built-in-policies
创建自定义Machine Configuration策略定义	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/create-policy-definition
安装用于Machine Configuration的GuestConfiguration编写模块	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/1-set-up-authoring-environment
创建自定义Machine Configuration包工件	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/2-create-package
配置对Azure Storage中Machine Configuration包的访问权限	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/5-access-package
开发自定义Machine Configuration包	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/overview
查看和分析Machine Configuration合规结果	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/view-compliance
配置Azure Machine Configuration的先决条件	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview/02-setup-prerequisites
配置Machine Configuration的网络和端点	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview/03-network-requirements
在Azure Policy中使用内置来宾配置包	https://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-packages

Integrations & Coding Patterns

集成与编码模式

Topic	URL
Query Azure Policy data with Azure Resource Graph	https://learn.microsoft.com/en-us/azure/governance/policy/samples/resource-graph-samples
Query guest configuration state via Resource Graph	https://learn.microsoft.com/en-us/azure/governance/policy/samples/resource-graph-samples-guest-configuration

主题	链接
使用Azure Resource Graph查询Azure Policy数据	https://learn.microsoft.com/en-us/azure/governance/policy/samples/resource-graph-samples
通过Resource Graph查询来宾配置状态	https://learn.microsoft.com/en-us/azure/governance/policy/samples/resource-graph-samples-guest-configuration

Deployment

部署

Topic	URL
Deploy Machine Configuration assignments with ARM templates	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-configuration/azure-resource-manager
Deploy Machine Configuration assignments with Bicep	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-configuration/bicep
Assign Machine Configuration packages using templates	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-configuration/overview
Create Machine Configuration assignments using REST API	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-configuration/rest-api
Deploy Machine Configuration assignments using Terraform	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-configuration/terraform
Publish Machine Configuration packages to Azure storage	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/4-publish-package
Apply safe deployment practices to Azure Policy	https://learn.microsoft.com/en-us/azure/governance/policy/how-to/policy-safe-deployment-practices

主题	链接
使用ARM模板部署Machine Configuration分配	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-configuration/azure-resource-manager
使用Bicep部署Machine Configuration分配	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-configuration/bicep
使用模板分配Machine Configuration包	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-configuration/overview
使用REST API创建Machine Configuration分配	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-configuration/rest-api
使用Terraform部署Machine Configuration分配	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-configuration/terraform
将Machine Configuration包发布到Azure存储	https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/4-publish-package
对Azure Policy应用安全部署实践	https://learn.microsoft.com/en-us/azure/governance/policy/how-to/policy-safe-deployment-practices