Tao Yang

I am a Microsoft Azure MVP based in Melbourne, Australia.

New Azure Policy Definition: Deploy Microsoft IaaSAntimalware extension with custom configurations

less than 1 minute read

Microsoft provides a built-in Azure Policy definition for deploying Windows Defender VM Extension. The name of this policy definition is Deploy default Microsoft IaaSAntimalware extension for Windows Server (id: /providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc)

This policy definition has many limitations:

It does not support Windows 10 VMs
It does not support custom VM images
It does not support customization of the Windows Defender configurations (i.e. scan exclusions, etc.)

I had a requirement to automatically deploy this VM extension with customised configuration. So I have re-written this policy, addressed all the limitations listed above. You can find it at my Azure Policy GitHub repo: https://github.com/tyconsulting/azurepolicy/tree/master/policy-definitions/deploy-windows-defender-vm-extension-custom-config. With this definition, you can customize your configuration using the following parameters:

Share on

Twitter Facebook LinkedIn

Leave a comment

You may also enjoy

PowerShell Module AzPolicyTest V2.0 Released

6 minute read

Introduction I created the PowerShell module AzPolicyTest (GitHub, PowerShellGallery) back in 2019. This module provides a list of Pester tests can be used t...

Enhanced Azure Bicep Modules for Azure Policy Resources

6 minute read

Introduction

Azure Bicep Module for Network Security Groups

3 minute read

Introduction

Managing Azure Private Endpoints using Azure Policy

2 minute read

Using Azure policies to manage the configuration of resources has become a very common practice and there are already many articles covering this topic. When...