Ensure that only approved extensions are installed
Why This Matters
Azure virtual machine extensions run with elevated privileges, granting them broad access to the VM's resources, data, and configurations. If an unapproved or malicious extension is installed, it can compromise the entire VM, exfiltrate sensitive data, or be used as a foothold for lateral movement within your environment. Administrators must enforce a strict approval policy to prevent unauthorized extensions from bypassing security controls and maintain the principle of least privilege.
What Aether365 Checks
Aether365 verifies that each Azure virtual machine has only approved extensions installed based on your organization's pre-configured allowlist. This check appears in the Aether365 dashboard under the azure-azure-virtual-machines category and flags any VMs with unapproved or unrecognized extensions.
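One way to express this kind of allowlist check, as an added example that is not Aether365's implementation: it matches on the publisher and type fields of the ARM extension resource, because the extension's resource name is chosen by whoever deploys it. The allowlist, VM names and inventory are constructed, and reporting a record with no publisher or type as "unrecognized" is an assumption.

```python
# Added example, not Aether365 code. Records follow the ARM
# Microsoft.Compute/virtualMachines/extensions shape (properties.publisher,
# properties.type). All sample values below are constructed.

# Hypothetical organizational allowlist keyed on (publisher, type), lowercased.
APPROVED = {
    ("microsoft.azure.monitor", "azuremonitorlinuxagent"),
    ("microsoft.azure.extensions", "customscript"),
}

def classify(ext, approved=APPROVED):
    """Return 'approved', 'unapproved' or 'unrecognized' for one extension."""
    props = ext.get("properties") or {}
    publisher, ext_type = props.get("publisher"), props.get("type")
    if not isinstance(publisher, str) or not isinstance(ext_type, str):
        return "unrecognized"  # handler cannot be identified: fail closed
    key = (publisher.strip().lower(), ext_type.strip().lower())
    return "approved" if key in approved else "unapproved"

def audit(inventory, approved=APPROVED):
    """Map VM name -> [(extension name, verdict)] for non-approved extensions."""
    findings = {}
    for vm in inventory:
        for ext in vm.get("extensions", []):
            verdict = classify(ext, approved)
            if verdict != "approved":
                findings.setdefault(vm["name"], []).append(
                    (ext.get("name", "<unnamed>"), verdict))
    return findings

SAMPLE_INVENTORY = [  # constructed
    {"name": "vm-web-01", "extensions": [
        {"name": "ama", "properties": {
            "publisher": "Microsoft.Azure.Monitor",
            "type": "AzureMonitorLinuxAgent"}},
        {"name": "bootstrap", "properties": {
            "publisher": "microsoft.azure.extensions", "type": "CustomScript"}},
    ]},
    {"name": "vm-db-01", "extensions": [
        # Approved-looking resource name, but the handler is not on the list.
        {"name": "AzureMonitorLinuxAgent", "properties": {
            "publisher": "Contoso.Tools", "type": "RemoteHelper"}},
        {"name": "legacy-agent", "properties": {}},  # no publisher/type
    ]},
]

if __name__ == "__main__":
    for vm_name, items in audit(SAMPLE_INVENTORY).items():
        print(vm_name, items)
```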