I recently received some questions about Azure Policy Guest Configuration and an ARM template to deploy the prerequisites needed to work with the feature.
In this article, I'd like to share an ARM template to deploy the Azure Policy Guest Configuration extension.
Linux VM
For a Linux VM, the extension resource is:
{
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "name": "[concat(parameters('vmName'), '/GuestConfigForLinux')]",
    "location": "[parameters('location')]",
    "apiVersion": "2015-05-01-preview",
    "dependsOn": [
        "[resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
    ],
    "properties": {
        "publisher": "Microsoft.GuestConfiguration",
        "type": "ConfigurationForLinux",
        "typeHandlerVersion": "1.2",
        "autoUpgradeMinorVersion": true
    }
}
Windows VM
For a Windows VM, use the following resource:
{
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "name": "[concat(parameters('vmName'), '/GuestConfigForWindows')]",
    "location": "[parameters('location')]",
    "apiVersion": "2015-05-01-preview",
    "dependsOn": [
        "[resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
    ],
    "properties": {
        "publisher": "Microsoft.GuestConfiguration",
        "type": "ConfigurationForWindows",
        "typeHandlerVersion": "1.2",
        "autoUpgradeMinorVersion": true
    }
}
Sample templates can be found at the following links:
- ARM template for Windows VM with Guest Configuration extension
- ARM template for Linux VM with Guest Configuration extension
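A pre-deployment check for templates like the ones above, as an added example that is not part of the original article: it flags VMs in an ARM template that lack a Microsoft.GuestConfiguration extension or carry the wrong extension type for their OS. It assumes the OS can be read from `osProfile` (`linuxConfiguration` or `windowsConfiguration`) and pairs an extension with a VM by a name heuristic; the function names and the sample template are constructed for illustration.

```python
import json

PUBLISHER = "Microsoft.GuestConfiguration"
EXPECTED_TYPE = {"linux": "ConfigurationForLinux", "windows": "ConfigurationForWindows"}

def vm_os(vm):
    """Infer the guest OS from osProfile (assumption: one of the two keys is set)."""
    profile = vm.get("properties", {}).get("osProfile", {})
    if "linuxConfiguration" in profile:
        return "linux"
    if "windowsConfiguration" in profile:
        return "windows"
    return None

def audit_template(template):
    """Return (vm_name, finding) tuples for VMs without a matching extension."""
    resources = template.get("resources", [])
    vms = [r for r in resources if r.get("type") == "Microsoft.Compute/virtualMachines"]
    exts = [r for r in resources
            if r.get("type") == "Microsoft.Compute/virtualMachines/extensions"
            and r.get("properties", {}).get("publisher") == PUBLISHER]
    findings = []
    for vm in vms:
        name = vm.get("name", "")
        key = name.strip("[]")  # heuristic: VM name expression reappears in the extension name
        mine = [e for e in exts if key and key in e.get("name", "")]
        os_kind = vm_os(vm)
        if os_kind is None:
            findings.append((name, "cannot determine OS from osProfile"))
        elif not mine:
            findings.append((name, "no Guest Configuration extension"))
        elif not any(e["properties"].get("type") == EXPECTED_TYPE[os_kind] for e in mine):
            findings.append((name, "extension type does not match OS"))
    return findings

# Constructed sample: a Linux VM with the Windows extension type, and a VM with no extension.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Compute/virtualMachines", "name": "[parameters('vmName')]",
   "properties": {"osProfile": {"linuxConfiguration": {}}}},
  {"type": "Microsoft.Compute/virtualMachines/extensions",
   "name": "[concat(parameters('vmName'), '/GuestConfigForLinux')]",
   "properties": {"publisher": "Microsoft.GuestConfiguration",
                  "type": "ConfigurationForWindows"}},
  {"type": "Microsoft.Compute/virtualMachines", "name": "[parameters('dbVmName')]",
   "properties": {"osProfile": {"windowsConfiguration": {}}}}
]}
""")
```

Calling `audit_template(SAMPLE)` reports both VMs; a template where every VM has the extension type matching its OS returns an empty list.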
Extension Deployment via Script
If you’d like to deploy via Azure CLI, use the following script:
az vm extension set --resource-group "vm-rg" \
--vm-name "linux-vm" \
--name ConfigurationForLinux \
--publisher Microsoft.GuestConfiguration \
--version 1.2.0
Or use the following PowerShell script:
$vmName = "vm00001"
$vmRgName = "azsec-corporate-rg"
$extensionName = "ConfigurationForLinux"
$publisher = "Microsoft.GuestConfiguration"
$vm = Get-AzVm -ResourceGroupName $vmRgName -Name $vmName
Set-AzVMExtension -ResourceGroupName $vmRgName `
                  -VMName $vm.Name `
                  -Name $extensionName `
                  -Location $vm.Location `
                  -Publisher $publisher `
                  -Type "ConfigurationForLinux" `
                  -TypeHandlerVersion "1.2"