---
title: VM not attached to network
description: Datadog, the leading service for cloud-scale monitoring.
---

# VM not attached to network

## Metadata{% #metadata %}

**Id:** `ansible-azure-vm-not-attached-to-network` 

**Provider:** Azure

**Platform:** Ansible

**Severity:** Medium

**Category:** Insecure Configurations

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_virtualmachine_module.html#parameter-network_interface_names)

### Description{% #description %}

Virtual machines should reference explicit network interfaces so network security controls (for example, Network Security Groups) can be applied and network exposure is predictable. Without explicit NIC configuration, instances may be created without NSGs or with default networking that exposes them to unintended access.

For Ansible VM tasks using `azure.azcollection.azure_rm_virtualmachine` or `azure_rm_virtualmachine`, either the `network_interface_names` property (a list of existing NIC names) or the `network_interfaces` property (a list of interface definitions) must be defined. Tasks missing both `network_interface_names` and `network_interfaces` are flagged. This rule verifies the presence of NIC references only and does not validate whether the referenced NICs themselves have NSGs attached.

Secure configuration examples:

```yaml
- name: Create VM with NIC name
  azure.azcollection.azure_rm_virtualmachine:
    name: myVM
    resource_group: myRG
    network_interface_names:
      - myNic

- name: Create VM with inline NIC definition
  azure.azcollection.azure_rm_virtualmachine:
    name: myVM2
    resource_group: myRG
    network_interfaces:
      - name: myNic2
        primary: true
```
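The presence check described above can be reproduced locally, for example in a pre-commit hook. The following is an added example, not Datadog's rule implementation: the function name `find_unattached_vms`, the sample data, and the decision to recurse into plays and `block`/`rescue`/`always` sections are assumptions made for illustration.

```python
import sys

VM_MODULES = ("azure.azcollection.azure_rm_virtualmachine", "azure_rm_virtualmachine")
NIC_KEYS = ("network_interface_names", "network_interfaces")
# Assumption: task lists may sit under plays and block sections, so recurse.
NESTED = ("tasks", "pre_tasks", "post_tasks", "handlers", "block", "rescue", "always")


def find_unattached_vms(tasks):
    """Return names of VM tasks that define neither NIC property."""
    findings = []
    for task in tasks if isinstance(tasks, list) else []:
        if not isinstance(task, dict):
            continue
        for module in VM_MODULES:
            args = task.get(module)
            # Presence check only, like the rule; non-mapping args are skipped.
            if isinstance(args, dict) and not any(k in args for k in NIC_KEYS):
                findings.append(task.get("name", "<unnamed task>"))
        for section in NESTED:
            findings += find_unattached_vms(task.get(section))
    return findings


# Constructed sample (already-parsed YAML) based on the tasks on this page.
SAMPLE_TASKS = [
    {"name": "Create VM with NIC name",
     "azure.azcollection.azure_rm_virtualmachine": {
         "name": "myVM", "resource_group": "myRG",
         "network_interface_names": ["myNic"]}},
    {"name": "Create a VM with a custom image",
     "azure_rm_virtualmachine": {
         "resource_group": "myResourceGroup", "name": "testvm001",
         "image": "customimage001"}},
    {"name": "Provision group", "block": [
        {"name": "Nested VM without NIC",
         "azure_rm_virtualmachine": {"name": "vm3", "resource_group": "myRG"}},
        {"name": "Nested VM with inline NIC",
         "azure_rm_virtualmachine": {
             "name": "myVM2", "resource_group": "myRG",
             "network_interfaces": [{"name": "myNic2", "primary": True}]}}]},
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        import yaml  # PyYAML; only needed when scanning files
        docs = [yaml.safe_load(open(p, encoding="utf-8")) for p in sys.argv[1:]]
    else:
        docs = [SAMPLE_TASKS]
    hits = [name for doc in docs for name in find_unattached_vms(doc)]
    for name in hits:
        print(f"VM task without NIC reference: {name}")
    sys.exit(1 if hits else 0)
```

Run with playbook or task-file paths as arguments to scan them (requires PyYAML); with no arguments it scans the embedded sample and exits non-zero because two tasks lack a NIC reference.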

## Compliant Code Examples{% #compliant-code-examples %}

```yaml
- name: Create a VM with a custom image
  azure_rm_virtualmachine:
    resource_group: myResourceGroup
    name: testvm001
    vm_size: Standard_DS1_v2
    admin_username: adminUser
    admin_password: password01
    image: customimage001
    network_interfaces: testvm001
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```yaml
---
- name: Create a VM with a custom image
  azure_rm_virtualmachine:
    resource_group: myResourceGroup
    name: testvm001
    vm_size: Standard_DS1_v2
    admin_username: adminUser
    admin_password: password01
    image: customimage001
```
