New Azure Policy Definition: Deploy Microsoft IaaSAntimalware extension with custom configurations

Microsoft provides a built-in Azure Policy definition for deploying the Windows Defender VM extension. The policy definition is named "Deploy default Microsoft IaaSAntimalware extension for Windows Server" (id: /providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc).

This policy definition has many limitations:

  1. It does not support Windows 10 VMs
  2. It does not support custom VM images
  3. It does not support customization of the Windows Defender configuration (e.g. scan exclusions)

I had a requirement to automatically deploy this VM extension with a customised configuration, so I have rewritten this policy to address all the limitations listed above. You can find it in my Azure Policy GitHub repo: https://github.com/tyconsulting/azurepolicy/tree/master/policy-definitions/deploy-windows-defender-vm-extension-custom-config. With this definition, you can customize your configuration using the following parameters:

[Image: the policy definition's parameters]
