VM Extension (Datadog) Install with Azure Policy

Hello Community,

it is possible to install an Extension on an Azure VM with Azure Policy?
An Customer use Datadog fof his Monitoring and would like to install the VM Extension on all the Azure VMs.

Now was the question about install the Extension with an Azure Policy.

  1. SwathiDhanwada-MSFT 18,036 Reputation points

    @PhilippGerber-6516 Thanks for your query. Yes, it's possible to install an extension on Azure VM with Azure Policy. You can create PowerShell script to install the Datadog and you can use below Azure Policy to deploy the extension.

    "policyRule": {
        "if": {
            "allOf": [
                    "field": "type",
                    "equals": "Microsoft.Compute/virtualMachines"
                    "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                    "equals": "Windows"
        "then": {
            "effect": "deployIfNotExists",
            "details": {
                "type": "Microsoft.Compute/virtualMachines/extensions",
                "roleDefinitionIds": [
                "existenceCondition": {
                    "allOf": [
                            "field": "name",
                            "contains": "DatadogExtension"
                "deployment": {
                    "properties": {
                        "mode": "incremental",
                        "template": {
                            "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                            "contentVersion": "",
                            "parameters": {
                                "vmName": {
                                    "type": "String"
                                "location": {
                                    "type": "String"
                                "fileUris": {
                                    "type": "String"
                                "arguments": {
                                    "defaultValue": " ",
                                    "type": "SecureString"
                            "variables": {
                                "UriFileNamePieces": "[split(parameters('fileUris'), '/')]",
                                "firstFileNameString": "[variables('UriFileNamePieces')[sub(length(variables('UriFileNamePieces')), 1)]]",
                                "firstFileNameBreakString": "[split(variables('firstFileNameString'), '?')]",
                                "firstFileName": "[variables('firstFileNameBreakString')[0]]"
                            "resources": [
                                    "type": "Microsoft.Compute/virtualMachines/extensions",
                                    "apiVersion": "2015-06-15",
                                    "name": "[concat(parameters('vmName'),'/DataDogExtension')]",
                                    "location": "[parameters('location')]",
                                    "properties": {
                                        "publisher": "Microsoft.Compute",
                                        "type": "CustomScriptExtension",
                                        "typeHandlerVersion": "1.9",
                                        "autoUpgradeMinorVersion": true,
                                        "settings": {
                                            "fileUris": "[split(parameters('fileUris'), ' ')]"
                                        "protectedSettings": {
                                            "commandToExecute": "[concat ('powershell -ExecutionPolicy Unrestricted -File ', variables('firstFileName'), ' ', parameters('arguments'))]"
                        "parameters": {
                            "vmName": {
                                "value": "[field('name')]"
                            "location": {
                                "value": "[field('location')]"
                            "fileUris": {
                                "value": "<url of powershell script>"
