New Azure Policy Definition: Deploy Microsoft IaaSAntimalware extension with custom configurations

less than 1 minute read

Microsoft provides a built-in Azure Policy definition for deploying Windows Defender VM Extension. The name of this policy definition is Deploy default Microsoft IaaSAntimalware extension for Windows Server (id: /providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc)

This policy definition has many limitations:

  1. It does not support Windows 10 VMs
  2. It does not support custom VM images
  3. It does not support customization of the Windows Defender configurations (i.e. scan exclusions, etc.)

I had a requirement to automatically deploy this VM extension with customised configuration. So I have re-written this policy, addressed all the limitations listed above. You can find it at my Azure Policy GitHub repo: With this definition, you can customize your configuration using the following parameters:


Leave a comment