ISO27001:2013

Question

Hello,

I have noticed that my VMs running Linux Ubuntu 24.04 LTS are not compliant with the following policies:

7f89b1eb-583c-429a-8828-af049802c1d9 (Audit diagnostic setting for selected resource types)

32133ab0-ee4b-4b44-98d6-042180979d50 ([Preview]: Log Analytics Extension should be enabled for listed virtual machine images)

11ac78e3-31bc-4f0c-8434-37ab963cea07 (Dependency agent should be enabled for listed virtual machine images)

It appears that the necessary agents for these policies are not compatible with the latest VM versions and are largely considered legacy (for example, the diagnostic settings require Python 2, which is outdated).

I have already set up data collection rules for both Linux and Windows machines and have associated them with all VMs, logging all possible data into a central Log Analytics Workspace. Why isn't this approach sufficient for compliance? I believe this method represents the most modern approach to logging system and performance data into Log Analytics Workspace.

Could you please advise on how I can ensure compliance with all ISO 27001:2013 policies?

PS: I can not install Python 2 or use older Ubuntu image versions.

Answer 1

Hi,

My best advise is to open support case towards Microsoft as these are built-in policies. Overall the policy initiative should be modified to check if Azure Monitor Agent is installed not Azure Log Analytics agent. The latter is deprecated so it should not be used. Why Microsoft hasn't updated their built-in policies is unknown to me. Alternatively you can try to log your issue at Azure Policy GitHub repo.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.