OPS114: Governing baselines in hybrid server environments using Azure Policy Guest Configuration
Published Feb 02 2021 08:30 AM

In this session, Michael Greene and Thomas Maurer discuss Azure Policy Guest Configuration in a Hybrid Cloud environment. Learn to use services in Azure to audit the state of servers across private and public clouds and upcoming plans to expand capabilities in this area.



Michael Greene, Principal Program Manager, Microsoft Azure



Understand Azure Policy's Guest Configuration

Azure Policy can audit settings inside a machine, both for machines running in Azure and Arc Connected Machines. The validation is performed by the Guest Configuration extension and client. The extension, through the client, validates settings such as:

  • The configuration of the operating system
  • Application configuration or presence
  • Environment settings


What is Azure Arc enabled servers?

Azure Arc enabled servers allows you to manage Windows and Linux machines hosted outside of Azure, on your corporate network or with another cloud provider, consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID, is included in a resource group, and benefits from standard Azure constructs such as Azure Policy and tags. Service providers who manage a customer's on-premises infrastructure can manage their hybrid machines, just like they do today with native Azure resources, across multiple customer environments, using Azure Lighthouse with Azure Arc.

To deliver this experience with your hybrid machines hosted outside of Azure, the Azure Connected Machine agent needs to be installed on each machine that you plan on connecting to Azure. This agent does not deliver any other functionality, and it doesn't replace the Azure Log Analytics agent. The Log Analytics agent for Windows and Linux is required when you want to proactively monitor the OS and workloads running on the machine, manage it using Automation runbooks or solutions like Update Management, or use other Azure services like Azure Security Center.


This session includes:

0:00 Introduction
3:40 Providing Feedback and Community
5:10 Hybrid solution using Azure Arc
8:30 Demo using Azure Policy Guest Configuration
18:39 Demo: How to set up Azure Policy Guest Configuration for Azure Arc machines
23:19 Azure Arc enabled servers
27:33 What is next for Azure Policy Guest Configuration
31:13 Wrap up


Community Chat

Want to chat about this session? Come join us on Discord! https://aka.ms/ops114-chat 


Learn More

I hope you enjoyed that session. Please take a moment to submit your feedback at https://aka.ms/ops114-feedback 

To watch more sessions from the IT Ops Talks: All Things Hybrid event check out https://aka.ms/ITOpsTalks

Last update: May 11 2021 06:33 AM