Policy to automate installation of crowdstrike and insightVM on VMs

Question

1. Can we implement azure policy to install insightVM and CrowdStrike on Azure Virtual machines automatically? If yes how it can be done?
2. is there any way to check whether these polices exist in particular subscription or not?

Please clarify.

Answer 1

sns, thank you for posting this question on Q&A.

Yes, you can definitely implement Azure Policy to enable VMInsights and Crowdstrike agents on Azure VMs automatically. The following points provide additional information.

1. VM Insights using Policy - There are built-in Azure Policies and Initiative which helps you enable VM insights automatically on the VMs. For details, see Enable VM insights by using Azure Policy. These initiatives will only need to be assigned to the required scope and it will be done.
2. Crowdstrike - There is no built-in policy, therefore it will have to be authored. For this, DeployIfNotExists effect of Azure Policy definition can be used coupled with respective ARM templates to install this extension if not available. You may also refer to answer provided here for more details of how this can be achieved - crowdstrike/tenable with Azure Policy
3. To check these policies, you may use Azure Portal - search for Policy --> Definition. This contains a list of all initiatives and policies which are available - both built-in as well as custom.

Hope this helps. If the answer did not help, please add more context/follow-up question for it, and we will help you out. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.