Azure VMs are evaluated for use of an approved custom image by inspecting the VM's image reference. The expected format is a subscription-scoped managed image ID such as /subscriptions/.../providers/Microsoft.Compute/images/<image>, rather than a marketplace, gallery, or community source.
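As an added example that is not Prowler's own code, the following Python classifies a VM's storageProfile.imageReference by source type and fails anything that is not a subscription-scoped managed image, optionally narrowing further to an allow-list of approved image IDs; the sample VM records, subscription ID and publisher/offer/sku values are constructed placeholders.

```python
import re

# Added example, not Prowler's own implementation: it classifies a VM's
# storageProfile.imageReference the way the check description explains.
# Key names mirror the ARM JSON; the classification logic is ours.
# Subscription-scoped managed image ID, compared lower-cased and anchored at the
# end so a gallery version ID (.../galleries/<g>/images/<def>/versions/<v>)
# does not match merely because it also contains "/images/".
MANAGED_IMAGE_ID = re.compile(
    r"^/subscriptions/[0-9a-f-]{36}/resourcegroups/[^/]+"
    r"/providers/microsoft\.compute/images/[^/]+$"
)

def classify_image_reference(ref: dict) -> str:
    """Return 'managed', 'gallery', 'community', 'marketplace' or 'unknown'."""
    if ref.get("communityGalleryImageId"):
        return "community"
    if ref.get("sharedGalleryImageId"):
        return "gallery"  # directly shared gallery image
    image_id = (ref.get("id") or "").lower()
    if MANAGED_IMAGE_ID.match(image_id):
        return "managed"
    if "/providers/microsoft.compute/galleries/" in image_id:
        return "gallery"  # Azure Compute Gallery image version
    if ref.get("publisher") and ref.get("offer") and ref.get("sku"):
        return "marketplace"  # publisher/offer/sku triple
    return "unknown"

def evaluate_vm(vm: dict, approved_ids=None) -> tuple:
    """Return (status, reason); approved_ids optionally narrows to an allow-list."""
    ref = vm["properties"]["storageProfile"].get("imageReference", {})
    kind = classify_image_reference(ref)
    if kind != "managed":
        return "FAIL", f"{vm['name']} uses a {kind} image source"
    if approved_ids and ref["id"].lower() not in {a.lower() for a in approved_ids}:
        return "FAIL", f"{vm['name']} uses a managed image not on the approved list"
    return "PASS", f"{vm['name']} uses approved managed image {ref['id']}"

# Constructed sample VMs (placeholder subscription ID, not real resources).
SUB = "00000000-0000-0000-0000-000000000000"
RG = f"/subscriptions/{SUB}/resourceGroups/rg-images/providers/Microsoft.Compute"
def _vm(name, ref):
    return {"name": name, "properties": {"storageProfile": {"imageReference": ref}}}
SAMPLE_VMS = [
    _vm("vm-golden", {"id": f"{RG}/images/golden-2024-06"}),
    _vm("vm-gallery", {"id": f"{RG}/galleries/g1/images/def1/versions/1.0.0"}),
    _vm("vm-market", {"publisher": "ExamplePublisher", "offer": "example-offer", "sku": "example-sku"}),
    _vm("vm-community", {"communityGalleryImageId": "/CommunityGalleries/example-gallery/Images/def1/Versions/latest"}),
]
```

Running evaluate_vm over SAMPLE_VMS passes only vm-golden; the gallery entry fails even though its ID contains "/images/", which is the edge case the anchored regex exists for.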
Risk
Using unapproved images undermines integrity and confidentiality by introducing unknown packages, misconfigurations, or malware. Attackers can implant backdoors, weaken hardening, and bypass security baselines, enabling data exfiltration and lateral movement, and unpatched software in such images also degrades availability.
prowler azure --checks vm_ensure_using_approved_images
Recommendation
Standardize on golden images maintained in an Azure Compute Gallery or managed images.
- Harden and patch each release; scan for vulnerabilities
- Restrict who can create/publish images (least privilege)
- Enforce deployments only from approved images via policy
- Version, sign, and retire images regularly
Remediation
az vm create --resource-group <RESOURCE_GROUP> --name <VM_NAME> --image /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Compute/images/<IMAGE_NAME> --admin-username azureuser --generate-ssh-keys
- In Azure Portal, go to Virtual machines > Create > Azure virtual machine
- Under Image, click See all images, then select the My Images tab
- Choose the approved managed image (type: Microsoft.Compute/images)
- Complete required basics and create the VM
- If replacing a non-compliant VM, migrate workload and delete the old VM
Source Code
Resource Type
microsoft.compute/virtualmachines