turbot/azure_compliance

Query: compute_windows_vm_secure_boot_enabled

Usage

powerpipe query azure_compliance.query.compute_windows_vm_secure_boot_enabled

SQL

select
  a.id as resource,
  case
    -- VMs not identified as Windows by image offer or OS type are skipped.
    when image_offer not like '%Windows%' or os_type not like 'Windows%' then 'skip'
    -- 'ok' requires a TrustedLaunch or ConfidentialVM security type with uefiSettings.secureBootEnabled set to true.
    when security_profile ->> 'securityType' in ('TrustedLaunch','ConfidentialVM')
      and security_profile ->> 'uefiSettings' is not null
      and security_profile -> 'uefiSettings' ->> 'secureBootEnabled' = 'true' then 'ok'
    else 'alarm'
  end as status,
  -- The reason text mirrors the three status branches above.
  case
    when image_offer not like '%Windows%' or os_type not like 'Windows%' then a.title || ' is not a windows VM.'
    when security_profile ->> 'securityType' in ('TrustedLaunch','ConfidentialVM')
      and security_profile ->> 'uefiSettings' is not null
      and security_profile -> 'uefiSettings' ->> 'secureBootEnabled' = 'true' then a.title || ' secure boot enabled.'
    else a.title || ' secure boot disabled.'
  end as reason
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_compute_virtual_machine as a,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id

Controls

The query is being used by the following controls: