We are thrilled to announce that applying configurations to virtual machines in Azure and Arc-enabled servers through Automanage machine configuration (formerly guest configuration) is now GA. This is an exciting milestone for both the Azure Governance community and the PowerShell Desired State Configuration (DSC) community.
Machine configuration provides a native capability to audit or configure operating system settings as code, both for machines running in Azure and hybrid Azure Arc-enabled servers, directly per machine or at scale. Machine Configuration is integrated with Azure Automanage, Microsoft Defender for Cloud, Azure Policy and will continue to expand.
Using machine configuration, you can apply configurations provided by Microsoft in the form of built-in policy definitions or create configuration packages using PowerShell DSC. This GA encompasses assigning built-in DINE policies and assigning custom configurations with ApplyAndMonitor and ApplyAndAutocorrect auditing modes. Alongside this release, we have published a new built-in policy, and have expanded our experience within the Azure Portal.
Machine configuration is now fully GA, allowing customers to both audit and apply configurations inside machines. Let's dive into some of the new capabilities with enforcement mode.
We are excited to release a new deploy-if-not-exists policy alongside this release to Configure secure communication protocols (TLS 1.1 or TLS 1.2) on Windows servers.
To assign this policy, please ensure that if you are assigning on an Azure virtual machine, our extension pre-requisites have been installed. This can be done by assigning the pre-requisite initiative: Deploy prerequisites to enable Guest Configuration policies on virtual machines
If you are assigning the configuration to an arc-enabled server, the pre-requisites are present by default.
You can query the compliance status for your entire environment using the Guest Assignments page in the Azure Portal, and through the machine configuration menu item within the Arc for Server table of contents.