Risk Level: High
Cloud Entity: Virtual Machine
CloudGuard Rule ID: D9.AZU.CRY.47
Covered by Spectral: No
Category: Compute

GSL LOGIC

VirtualMachine should not have virtualHardDisk

REMEDIATION

From Portal

Using the search feature, go to Virtual Machines
Select the virtual machine you would like to convert
Select Disks in the menu for the VM
At the top select Migrate to managed disks
You may follow the prompts to convert the disk and finish by selecting 'Migrate' to start the process
Click Save.

NOTE: VMs will be stopped and restarted after migration is complete.

From TF
Each Virtual Machine should have either azurerm_managed_disk block or managed disk id defined under 'azurerm_virtual_machine_data_disk_attachment':

resource "azurerm_managed_disk" "example" {
	...
	name = "MANAGED-DISK-NAME"
	create_option = "EMPTY/ATTACH"
	storage_account_type = "TYPE"
	...
}

#OR

resource "azurerm_virtual_machine_data_disk_attachment" "example" {
	..
	managed_disk_id   = "ID"
	..
}

From Command Line
For each virtual machine that has unmanaged disk volumes attached, Run below three commands-

Deallocate the VM-

az vm deallocate --resource-group RESOURCEGROUP --name VMNAME

Convert the VM-

az vm convert --resource-group RESOURCEGROUP --name VMNAME

To Start the VM-

az vm start --resource-group RESOURCEGROUP --name VMNAME

References

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/convert-unmanaged-to-managed-disks
https://learn.microsoft.com/en-us/azure/virtual-machines/linux/convert-unmanaged-to-managed-disks
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine#managed_disk_id

Virtual Machine

Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer. This article gives you information about what you should consider before you create a VM, how you create it, and how you manage it.

Compliance Frameworks

Azure CIS Foundations v. 1.2.0
Azure CIS Foundations v. 1.3.1
Azure CIS Foundations v. 1.4.0
Azure CIS Foundations v. 1.5.0
Azure CIS Foundations v.2.0
Azure CloudGuard Best Practices
Azure NIST 800-53 Rev 5
CloudGuard Azure All Rules Ruleset