New Azure Policy Definition: Deploy Microsoft IaaSAntimalware extension with custom configurations

Microsoft provides a built-in Azure Policy definition for deploying Windows Defender VM Extension. The name of this policy definition is Deploy default Microsoft IaaSAntimalware extension for Windows Server (id: /providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc) This policy definition has many limitations: It does not support Windows 10 VMs It does not support custom VM images It does not support customization of the Windows Defender configurations (i.e. scan exclusions, etc.) I had a requirement to automatically deploy this VM extension with customised configuration. So I have re-written this policy, addressed all the limitations listed above. You can find it at my Azure Policy GitHub repo: https://github.com/tyconsulting/azurepolicy/tree/master/policy-definitions/deploy-windows-defender-vm-extension-custom-config.

Continue reading

New Azure Policy Definition: Deploy VM Shutdown Schedule

I wrote an Azure Policy definition few days ago, it deploys VM shutdown schedule together with VMs using deployIfNotExists effect. You can find it at my Azure Policy GitHub repo: https://github.com/tyconsulting/azurepolicy/tree/master/policy-definitions/deploy-vm-shutdown-schedule. This policy will be very useful when managing non-production workload. Input parameters: Deployed schedule:

Continue reading
%d bloggers like this: