Azure Governance and Management Blog articles

https://techcommunity.microsoft.com/t5/azure-governance-and-management/bg-p/AzureGovernanceandManagementBlog

Generally available: Apply settings inside machines using Automanage machine configuration


Release Notes

 

We are thrilled to announce that applying configurations to virtual machines in Azure and Arc-enabled servers through Automanage machine configuration (formerly guest configuration) is now GA. This is an exciting milestone for both the Azure Governance community and the PowerShell Desired State Configuration (DSC) community.

 

Machine configuration provides a native capability to audit or configure operating system settings as code, both for machines running in Azure and for hybrid Azure Arc-enabled servers, directly per machine or at scale. Machine configuration is integrated with Azure Automanage, Microsoft Defender for Cloud, and Azure Policy, and will continue to expand.

 

Using machine configuration, you can apply configurations provided by Microsoft in the form of built-in policy definitions, or create configuration packages using PowerShell DSC. This GA encompasses assigning built-in deploy-if-not-exists (DINE) policies and assigning custom configurations with ApplyAndMonitor and ApplyAndAutoCorrect auditing modes. Alongside this release, we have published a new built-in policy and expanded our experience within the Azure Portal.

 

Machine configuration is now fully GA, allowing customers to both audit and apply configurations inside machines. Let's dive into some of the new capabilities with enforcement mode.

 

Getting started

 

Alongside this release, we are excited to publish a new deploy-if-not-exists policy: "Configure secure communication protocols (TLS 1.1 or TLS 1.2) on Windows servers".

 


 

If you are assigning this policy to an Azure virtual machine, first ensure that our extension prerequisites have been installed. You can do this by assigning the prerequisite initiative: Deploy prerequisites to enable Guest Configuration policies on virtual machines.

 

If you are assigning the configuration to an Arc-enabled server, the prerequisites are present by default.

 

You can query the compliance status for your entire environment using the Guest Assignments page in the Azure Portal, and through the machine configuration menu item within the Arc for Server table of contents.

 


 

Build a Custom Configuration

 

To build a custom configuration using our PowerShell module, be sure to download the latest version of the module from the PowerShell Gallery.

 


 

Using the provided cmdlets, you can package, test, and execute a compiled DSC configuration, and then publish it as a policy definition to assign in your environment.
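
The package, test, execute, and publish sequence described above, as an added example that is not code from the original post. It assumes PowerShell 7 with the PSDesiredStateConfiguration, Az.Resources, GuestConfiguration and PSDscResources modules; the configuration name, the service it manages, the folder names, the policy name and the content URI placeholder are all hypothetical.

```powershell
# Added example. Hypothetical names: TimeServiceRunning, .\mof, .\policies.
Install-Module -Name GuestConfiguration -Scope CurrentUser
Install-Module -Name PSDscResources -Scope CurrentUser   # provides the Service resource

# 1. Author a DSC configuration and compile it to a MOF file.
Configuration TimeServiceRunning {
    Import-DscResource -ModuleName 'PSDscResources'
    Node localhost {
        Service W32Time {
            Name  = 'W32Time'
            State = 'Running'
        }
    }
}
TimeServiceRunning -OutputPath .\mof    # writes .\mof\localhost.mof

# 2. Package it. AuditAndSet is needed for a package that will apply settings,
#    not only audit them.
$package = New-GuestConfigurationPackage -Name 'TimeServiceRunning' `
    -Configuration .\mof\localhost.mof -Type AuditAndSet -Force

# 3. Test on a disposable machine: audit first, then let the package remediate,
#    then audit again to confirm the machine converged.
Get-GuestConfigurationPackageComplianceStatus -Path $package.Path
Start-GuestConfigurationPackageRemediation -Path $package.Path
Get-GuestConfigurationPackageComplianceStatus -Path $package.Path

# 4. Generate the policy definition. The package must first be uploaded to a
#    location the machines can read; the URI below is a placeholder.
$contentUri = '<URI-OF-UPLOADED-PACKAGE>'
New-Item -ItemType Directory -Path .\policies -Force | Out-Null
$policy = @{
    PolicyId      = (New-Guid).Guid
    ContentUri    = $contentUri
    DisplayName   = 'Windows Time service is running'
    Description   = 'Keeps the W32Time service in the Running state.'
    Path          = '.\policies'
    Platform      = 'Windows'
    PolicyVersion = '1.0.0'
    Mode          = 'ApplyAndAutoCorrect'   # or ApplyAndMonitor / Audit
}
New-GuestConfigurationPolicy @policy

# 5. Publish the generated definition (requires Connect-AzAccount beforehand).
Get-ChildItem .\policies -Filter *.json | ForEach-Object {
    New-AzPolicyDefinition -Name 'time-service-running' -Policy $_.FullName
}
```

Keep the uploaded package readable only by the machines that need it, since every assigned machine downloads it from the content URI and applies what it contains.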

 

Learn more about the renaming in the blog and about machine configuration in the documentation. 
