Generally available: Apply settings inside machines using Automanage machine configuration
Published Aug 04 2022 09:00 AM 6,820 Views

Release Notes


We are thrilled to announce that applying configurations to virtual machines in Azure and Arc-enabled servers through Automanage machine configuration (formerly guest configuration) is now GA. This is an exciting milestone for both the Azure Governance community and the PowerShell Desired State Configuration (DSC) community.


Machine configuration provides a native capability to audit or configure operating system settings as code, both for machines running in Azure and hybrid Azure Arc-enabled servers, directly per machine or at scale. Machine Configuration is integrated with Azure Automanage, Microsoft Defender for Cloud, Azure Policy and will continue to expand.


Using machine configuration, you can apply configurations provided by Microsoft in the form of built-in policy definitions or create configuration packages using PowerShell DSC. This GA encompasses assigning built-in DINE policies and assigning custom configurations with ApplyAndMonitor and ApplyAndAutocorrect auditing modes. Alongside this release, we have published a new built-in policy, and have expanded our experience within the Azure Portal.


Machine configuration is now fully GA, allowing customers to both audit and apply configurations inside machines. Let's dive into some of the new capabilities with enforcement mode.


Getting started


We are excited to release a new deploy-if-not-exists policy alongside this release to Configure secure communication protocols (TLS 1.1 or TLS 1.2) on Windows servers.




To assign this policy, please ensure that if you are assigning on an Azure virtual machine, our extension pre-requisites have been installed. This can be done by assigning the pre-requisite initiative: Deploy prerequisites to enable Guest Configuration policies on virtual machines


If you are assigning the configuration to an arc-enabled server, the pre-requisites are present by default.


You can query the compliance status for your entire environment using the Guest Assignments page in the Azure Portal, and through the machine configuration menu item within the Arc for Server table of contents.




Build a Custom Configuration


To build a custom configuration using our PowerShell module, be sure to download the latest version of the module from the PowerShell Gallery.




Using the provided cmdlets, you can package, test, and execute a compiled DSC, and publish the configuration as a policy definition, to assign in your environment.


Learn more about the renaming in the blog and about machine configuration in the documentation. 

Version history
Last update:
‎Aug 04 2022 08:45 AM
Updated by: