ARM template for Azure VM with Guest Configuration

Posted on 03/22/2020 by azsec

I’ve recently got some questions related to Azure Policy Guest Configuration and an ARM template to deploy pre-requisites in order to work with the feature.

In this article, I’d like to share ARM template to deploy Azure Policy Guest Configuration extension.

Linux VM

For Linux VM, below is the extension code:

{
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "name": "[concat(parameters('vmName'), '/GuestConfigForLinux')]",
    "location": "[parameters('location')]",
    "apiVersion": "2015-05-01-preview",
    "dependsOn": [
        "[resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
    ],
    "properties": {
        "publisher": "Microsoft.GuestConfiguration",
        "type": "ConfigurationForLinux",
        "typeHandlerVersion": "1.2",
        "autoUpgradeMinorVersion": true
     }
}

Windows VM

For Windows VM, use the below code:

{
   "type": "Microsoft.Compute/virtualMachines/extensions",
   "name": "[concat(parameters('vmName'), '/GuestConfigForWindows')]",
   "location": "[parameters('location')]",
   "apiVersion": "2015-05-01-preview",
   "dependsOn": [
       "[resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
   ],
   "properties": {
       "publisher": "Microsoft.GuestConfiguration",
       "type": "ConfigurationForWindows",
       "typeHandlerVersion": "1.2",
       "autoUpgradeMinorVersion": true
    }
}

Sample templates can be found from the following link:

Extension Deployment via Script

If you’d like to deploy via Azure CLI, use the following script:

az vm extension set --resource-group "vm-rg" \
                    --vm-name "linux-vm" \
                    --name ConfigurationForLinux \
                    --publisher Microsoft.GuestConfiguration \
                    --version 1.2.0

or PowerShell script:

$vmName = "vm00001"
$vmRgName = "azsec-corporate-rg"
$extensionName = "ConfigurationForLinux"
$publisher = "Microsoft.GuestConfiguration"
$vm = Get-AzVm -ResourceGroupName $vmRgName -Name $vmName

Set-AzVMExtension -ResourceGroupName $vmRgName `
                  -VMName $vm.Name `
                  -Name $extensionName `
                  -Location $vm.Location `
                  -Publisher $publisher `
                  -Type "ConfigurationForLinux" `
                  -TypeHandlerVersion "1.2"

 

This entry was posted in Governance & Compliance and tagged . Bookmark the permalink.

Leave a Reply