Public preview: Guest Configuration feature for Azure Policy
Posted on Monday, September 24, 2018
A new feature is in preview for Azure Policy. Azure customers now have native tooling that offers visibility into server and application settings inside virtual machines across their subscriptions.
Enterprise organizations have requirements for operating systems, applications, and operational environments. This includes industry security baselines such as CIS/STIG, and application information such as certificate properties or protocol versions. Organizational requirements can even include performance and capacity specifications. We plan to iterate rapidly together with customers to add new content and functionality.
The first policy available for testing is named [Preview]: Audit Password security settings inside Linux and Windows virtual machines. Find this policy in Azure from the Policy resource. Select Definitions and then filter Type to Guest Configuration.
The initiative combines rules that deploy a new VM extension and audit checks performed inside a virtual machine. There are nine settings in the preview policy. Six settings evaluate password policy inside Windows Server by using the latest version of the Microsoft Desired State Configuration platform. Three settings evaluate password-related settings inside Linux servers by using Chef's InSpec language. Any additional policies will be based on customer feedback and interest in expanding both tooling and functionality.
To learn more, connect with our team:
- Microsoft Docs: Azure Policy Guest Configuration conceptual overview
- Ignite session: BRK3062 - Architecting security and governance across your Azure subscriptions
- Azure feedback: Governance