Azure Governance and Management Blog
Generally available: Apply settings inside machines using Automanage machine configuration

jodiboone
Microsoft
Aug 04, 2022

Release Notes

 

We are thrilled to announce that applying configurations to virtual machines in Azure and Arc-enabled servers through Automanage machine configuration (formerly guest configuration) is now GA. This is an exciting milestone for both the Azure Governance community and the PowerShell Desired State Configuration (DSC) community.

 

Machine configuration provides a native capability to audit or configure operating system settings as code, both for machines running in Azure and for hybrid Azure Arc-enabled servers, either directly per machine or at scale. Machine configuration is integrated with Azure Automanage, Microsoft Defender for Cloud, and Azure Policy, and will continue to expand.

 

Using machine configuration, you can apply configurations provided by Microsoft in the form of built-in policy definitions, or create your own configuration packages using PowerShell DSC. This GA encompasses assigning built-in deploy-if-not-exists (DINE) policies and assigning custom configurations with the ApplyAndMonitor and ApplyAndAutoCorrect auditing modes. Alongside this release, we have published a new built-in policy and expanded our experience within the Azure Portal.

 

Machine configuration is now fully GA, allowing customers to both audit and apply configurations inside machines. Let's dive into some of the new capabilities with enforcement mode.

 

Getting started

 

Alongside this release, we are excited to publish a new deploy-if-not-exists policy: "Configure secure communication protocols (TLS 1.1 or TLS 1.2) on Windows servers".

To assign this policy to an Azure virtual machine, first ensure that our extension prerequisites have been installed. This can be done by assigning the prerequisite initiative "Deploy prerequisites to enable Guest Configuration policies on virtual machines".

 

If you are assigning the configuration to an Arc-enabled server, the prerequisites are present by default.

 

You can query the compliance status for your entire environment using the Guest Assignments page in the Azure Portal, and through the machine configuration menu item within the Arc for Server table of contents.

Build a Custom Configuration

 

To build a custom configuration using our PowerShell module, be sure to download the latest version of the module from the PowerShell Gallery.

Using the provided cmdlets, you can package, test, and execute a compiled DSC configuration, then publish it as a policy definition to assign in your environment.
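
The package, test, execute, and publish steps described above can be sketched as follows. This is an added example, not code from the original post: it assumes the module referred to is GuestConfiguration from the PowerShell Gallery, and the configuration name, registry setting, display text, and storage URI are hypothetical placeholders.

```powershell
# Added example. Assumes PowerShell 7 on a disposable Windows test machine with the
# GuestConfiguration, PSDesiredStateConfiguration, PSDscResources and Az.Resources modules.
$name = 'DisableTls10Server'   # hypothetical configuration name

Configuration DisableTls10Server {
    Import-DscResource -ModuleName 'PSDscResources'
    Node 'localhost' {
        # Sample setting chosen for illustration: turn off server-side TLS 1.0 in SCHANNEL
        Registry Tls10Server {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'
            ValueName = 'Enabled'
            ValueData = '0'
            ValueType = 'Dword'
            Ensure    = 'Present'
            Force     = $true
        }
    }
}

# 1. Compile the configuration to a MOF and name it after the package
DisableTls10Server -OutputPath "./$name" | Out-Null
Rename-Item -Path "./$name/localhost.mof" -NewName "$name.mof" -Force

# 2. Package it. AuditAndSet marks the package as one that applies settings, not only audits.
$package = New-GuestConfigurationPackage -Name $name -Configuration "./$name/$name.mof" -Type AuditAndSet -Force

# 3. Test locally: audit first, then apply, then audit again to confirm the change took
Get-GuestConfigurationPackageComplianceStatus -Path $package.Path
Start-GuestConfigurationPackageRemediation -Path $package.Path
Get-GuestConfigurationPackageComplianceStatus -Path $package.Path

# 4. Generate the policy definition. ContentUri is a placeholder: upload the .zip to
#    storage you control and use a URI the target machines can read.
New-Item -ItemType Directory -Path './policies' -Force | Out-Null
$policy = @{
    PolicyId      = (New-Guid).Guid
    ContentUri    = 'https://<storage-account>.blob.core.windows.net/<container>/DisableTls10Server.zip'
    DisplayName   = 'Disable TLS 1.0 (server) on Windows'
    Description   = 'Applies and auto-corrects the SCHANNEL TLS 1.0 server setting.'
    Path          = './policies'
    Platform      = 'Windows'
    PolicyVersion = '1.0.0'
    Mode          = 'ApplyAndAutoCorrect'
}
New-GuestConfigurationPolicy @policy | Out-Null

# 5. Publish the generated JSON as an Azure Policy definition (requires Connect-AzAccount)
$json = Get-ChildItem -Path './policies' -Filter '*.json' -Recurse | Select-Object -First 1
New-AzPolicyDefinition -Name $name -Policy $json.FullName
```

Step 3 changes the local machine's SCHANNEL settings, so run it only on a test system.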

 

Learn more about the renaming in the blog and about machine configuration in the documentation. 

Updated Aug 04, 2022
Version 1.0

3 Comments

  • CatalinCloud
    Copper Contributor

    jodiboone is this "Feature" recommended also for Distributing Software to VMs or not? 🙂

    Many thanks in advance,

    Catalin.Cloud

  • persident
    Copper Contributor

    Edit 2022-08-24: Version 1.29.45 (or later) has now been deployed to all previously affected Azure locations. This fixed the issue.

    Despite GA, this feature is currently not working for VMs in the following Azure Locations: germanywestcentral, qatarcentral, swedencentral, westus3. This is because version 1.29.43 of the Microsoft.GuestConfiguration.ConfigurationforWindows extension gets deployed in these locations. This version does not process ApplyAndAutoCorrect assignments correctly. This has been fixed in extension version 1.29.45, which is available in all other Azure Locations. The issue has been verified in many independent Azure tenants.

  • This is awesome! Great to see the GA of the ability to configure, especially as it relates to the custom configurations being authored and DINE policies. Really excited to see the close integration with Azure Automanage and Arc-enabled servers - cutting edge work delivering a modern, configurable, and automated approach towards configuration of not just Azure VMs but servers anywhere. Can't wait to see what else is in store with Machine Configuration and Azure Automanage - at the edge of my virtual seat!