crowdstrike/tenable with aZURE POLICY

Ankita Rani Patro 176 Reputation points
2022-06-02T19:39:29.48+00:00

Hi ,

I need urgent help on creating Azure policy for crowdstrike,tenable to push in all server. Please let me know if anyone has done before

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
798 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AnuragSingh-MSFT 20,341 Reputation points
    2022-06-06T10:08:26.193+00:00

    Hi @Ankita Rani Patro ,

    Welcome to Microsoft Q&A! Thanks for posting the question.

    I understand that you are trying to install crowdstrike/tenable on Azure VMs (or Azure-arc enabled VMs). Please correct me, if I misunderstood it. While I don't have a readymade solution to this query, the following guidelines/resources should help you.

    The following is one of the ways to ensure that something is installed on a VM (or install it if absent) through Azure Policy with VM Extensions:

    It uses DeployIfNotExists effect in Policy Definition to deploy extensions on VM. This is particularly useful when VM extension for required service/application is available. The following are 2 sample provided to help you understand the structure of such Policy
    Configure Dependency agent on Azure Arc enabled Linux servers
    Configure Dependency agent on Azure Arc enabled Windows servers

    For Crowdstrike Falcon, I was able to get the ARM template through their GitHub repository as available below:
    ARM for Linux
    Settings for Windows

    Therefore, if such VM extensions are available for the applications that you are trying to install, you can do it using the Azure Policy definition with "deployIfNotExist" effect.

    Please let me know if you have any questions.

    ---
    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

    0 comments