Settings to non-domain VMSS instances

Wool Sock 261 Reputation points
2023-03-29T07:04:03.5366667+00:00

We are planning to use VMSS, and because the instance count is changing based on load, we plan not to domain join them. This means that they are not getting our normal GPOs, but we still need to somehow manage certain settings.

I tried to find best practices for this kind of scenario but was not able to find anything useful. So if I have certain settings that need to be in place automatically on new instances when it is scaling, what is the proper way to achieve this?

Azure Virtual Machine Scale Sets

1 answer

  1. vipullag-MSFT 24,111 Reputation points Microsoft Employee
    2023-03-29T08:03:44.98+00:00

    Hello Wool Sock

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    For your ask, you can use Azure VM extensions and Azure Policy with VM Scale Sets. When you use VM Scale Sets, you can configure the extensions and policies at the scale set level, and they will be applied to all VM instances in the scale set. This way, you can ensure that all VM instances in the scale set have the necessary settings.

    Azure VM extensions are small applications that provide post-deployment configuration and automation tasks on Azure VMs. You can use extensions to configure things like security settings, install software, and manage VMs. You can use the Custom Script Extension to run scripts on your VMs. The script can be stored in Azure Storage or GitHub, or it can be embedded in your template. You can also use the PowerShell DSC Extension to configure your VMs with PowerShell Desired State Configuration (DSC).

    Another option is to use Azure Policy to enforce certain settings on your VM instances. Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. You can use Azure Policy to enforce settings like password policies, encryption, and network security.

    Hope this helps.

    If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.
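The scale-set-level Custom Script Extension described in the answer, as an added example (not code from the thread or from Microsoft). It attaches the extension to the scale set model so every new instance runs a baseline script at provisioning. The resource names, the `baseline.ps1` script and its blob URL are placeholders, and the sketch assumes the Az PowerShell module, a uniform-orchestration scale set, and a system-assigned managed identity with read access to the blob.

```powershell
# Added example: every name below is a placeholder to replace.
$rg        = '<resource-group>'
$vmssName  = '<scale-set-name>'
$extName   = 'BaselineSettings'
$scriptUri = 'https://<storageaccount>.blob.core.windows.net/<container>/baseline.ps1'

$vmss = Get-AzVmss -ResourceGroupName $rg -VMScaleSetName $vmssName

# Drop an earlier copy of the extension so the script can be re-run safely.
if ($vmss.VirtualMachineProfile.ExtensionProfile.Extensions.Name -contains $extName) {
    $vmss = Remove-AzVmssExtension -VirtualMachineScaleSet $vmss -Name $extName
}

# Keep the script location and command line in protected settings: they are
# encrypted and only decrypted on the instance. managedIdentity = @{} makes the
# extension fetch the blob with the instance's system-assigned identity, so no
# storage key or SAS token is stored in the scale set model.
$protected = @{
    fileUris         = @($scriptUri)
    commandToExecute = 'powershell.exe -NoProfile -ExecutionPolicy Bypass -File baseline.ps1'
    managedIdentity  = @{}
}

$vmss = Add-AzVmssExtension -VirtualMachineScaleSet $vmss `
    -Name $extName `
    -Publisher 'Microsoft.Compute' `
    -Type 'CustomScriptExtension' `
    -TypeHandlerVersion '1.10' `
    -AutoUpgradeMinorVersion $true `
    -ProtectedSetting $protected

# Write the model back; instances created by later scale-out events inherit it.
Update-AzVmss -ResourceGroupName $rg -VMScaleSetName $vmssName -VirtualMachineScaleSet $vmss

# With a Manual upgrade policy, existing instances keep the old model until
# they are upgraded explicitly.
if ($vmss.UpgradePolicy.Mode -eq 'Manual') {
    Get-AzVmssVM -ResourceGroupName $rg -VMScaleSetName $vmssName | ForEach-Object {
        Update-AzVmssInstance -ResourceGroupName $rg -VMScaleSetName $vmssName -InstanceId $_.InstanceId
    }
}

# Check: list any instance that is still running an older model.
Get-AzVmssVM -ResourceGroupName $rg -VMScaleSetName $vmssName |
    Where-Object { -not $_.LatestModelApplied } |
    Select-Object InstanceId, Name
```

An empty result from the last command means every instance carries the extension; the script itself should be written to be idempotent, since it can run again when an instance is reimaged.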