Quick notes in deploying Guest Configuration Extension on Azure VM

Azure Policy Guest Configuration allows you to audit configuration inside host. It sounds very much similar to Azure Automation Account Desired State Configuration (DSC). In fact the concept is similar to DSC but Azure Policy uses a dedicated agent called Guest Configuration.

This article is just going to give you a quick note to deploy the Guest Configuration extension manually.

If you search over Google you may be led to this page https://github.com/Azure/Guest-Configuration-Extension where Microsoft provides a command-line to install guest Configuration Extension.

If you run this command-line you will definitely run into the errorĀ “Extension with publisher ‘Microsoft.GuestConfiguration’, type ‘ConfigurationForLinux’, and type handler version ‘0.8’ could not be found in the extension repository.”

The extension version 0.8 seems to be removed in the repository. The newest one is 1.2. Below is the valid command-line

az vm extension set --resource-group "vm-rg" \
                    --vm-name "linux-vm" \
                    --name ConfigurationForLinux \
                    --publisher Microsoft.GuestConfiguration \
                    --version 1.2.0

Once the command-line is succeeded, the output will look like as follows:

  "autoUpgradeMinorVersion": true,
  "forceUpdateTag": null,
  "id": "/subscriptions/XXXXXXXXXXX/resourceGroups/vm-rg/providers/Microsoft.Compute/virtualMachines/linuxvm/extensions/ConfigurationForLinux",
  "instanceView": null,
  "location": "westus",
  "name": "ConfigurationForLinux",
  "protectedSettings": null,
  "provisioningState": "Succeeded",
  "publisher": "Microsoft.GuestConfiguration",
  "resourceGroup": "vm-rg",
  "settings": null,
  "tags": null,
  "type": "Microsoft.Compute/virtualMachines/extensions",
  "typeHandlerVersion": "1.2",
  "virtualMachineExtensionType": "ConfigurationForLinux"



This entry was posted in Security Automation and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.