Azure: Guest Configuration extension in Public Preview or GA?

Ken McKee 1 Reputation point
2022-02-18T18:59:22.6+00:00

Hello,

In our Azure subscription, we've been making changes to come into compliance with the Azure Security Benchmark. One of the items remaining is to install the "Guest Configuration" extension on our VMs. However, I cannot find any information showing whether the extension is in GA or Public Preview. The reason I'm questioning this is because the Defender for Cloud portal claims that automatic rollout of the extension is in Preview, unlike automatic rollout of the Log Analytics extension. Can anyone confirm this for me? I don't want to deploy the extension to our production machines if it's not GA.

Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.

1 answer

  1. Stanislav Zhelyazkov 28,186 Reputation points MVP Volunteer Moderator
    2022-02-23T07:34:20.297+00:00

    Hi,
    Probably only the portal experience is preview. When you enable that, what it does is create policy assignments based on built-in policy definitions. The definitions are:
    /providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6
    Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs

    /providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da
    Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs

    /providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e
    Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities

    /providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6
    Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity

    As you can see, none of these policy definitions are preview.

    The policy assignments are with names:
    ASC provisioning Guest Configuration agent for Windows
    ASC provisioning Guest Configuration agent for Linux
    ASC provisioning machines with no MI for GC agent
    ASC provisioning machines with user assigned MI for GC agent

    and you are able to see them in Azure Policy. Basically, Defender for Cloud is on this journey of moving things that were done by that team to using natively Azure Policy where applicable.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

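One way to verify the release state of the four definitions named in the answer before rolling them out to production, as an added example that is not part of the original question or answer. It assumes the definitions were exported as JSON in the shape `az policy definition list --output json` produces (`name`, `displayName` and `metadata` at the top level); the sample below is constructed and its version numbers are placeholders.

```python
import json

# IDs of the four built-in definitions listed in the answer above.
GC_DEFINITION_IDS = {
    "385f5831-96d4-41db-9a3c-cd3af78aaae6",  # Windows extension
    "331e8ea8-378a-410f-a2e5-ae22f38bb0da",  # Linux extension
    "3cf2ab00-13f1-4d0c-8971-2ac904541a7e",  # managed identity, VMs with no identities
    "497dff13-db2a-4c0f-8603-28fa3b331ab6",  # managed identity, VMs with user-assigned identity
}

def release_state(defn):
    """Classify one exported policy definition as 'preview', 'deprecated' or 'ga'."""
    meta = defn.get("metadata") or {}
    title = (defn.get("displayName") or "").lower()
    version = str(meta.get("version") or "").lower()
    for state in ("deprecated", "preview"):
        # Azure Policy marks both states three ways: a metadata flag,
        # a "[State]:" display-name prefix and a "-state" version suffix.
        if (meta.get(state) is True or title.startswith(f"[{state}]")
                or version.endswith(f"-{state}")):
            return state
    return "ga"

def audit(definitions, wanted=GC_DEFINITION_IDS):
    """Map each wanted definition id to its state, or 'missing' if not in the export."""
    found = {d.get("name"): release_state(d) for d in definitions}
    return {def_id: found.get(def_id, "missing") for def_id in sorted(wanted)}

# Constructed sample export. Versions are placeholders, and the last entry is a
# made-up preview definition with a placeholder id to show what a preview looks like.
SAMPLE = json.loads("""[
  {"name": "385f5831-96d4-41db-9a3c-cd3af78aaae6", "metadata": {"version": "0.0.0"},
   "displayName": "Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs"},
  {"name": "331e8ea8-378a-410f-a2e5-ae22f38bb0da", "metadata": {"version": "0.0.0"},
   "displayName": "Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs"},
  {"name": "3cf2ab00-13f1-4d0c-8971-2ac904541a7e", "metadata": {"version": "0.0.0"},
   "displayName": "Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities"},
  {"name": "497dff13-db2a-4c0f-8603-28fa3b331ab6", "metadata": {"version": "0.0.0"},
   "displayName": "Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity"},
  {"name": "00000000-0000-0000-0000-000000000000", "metadata": {"version": "0.0.0-preview", "preview": true},
   "displayName": "[Preview]: Constructed example definition"}
]""")

if __name__ == "__main__":
    for def_id, state in audit(SAMPLE).items():
        print(f"{state:10} {def_id}")
```

Running the same check on a fresh export after each policy update catches a definition that later moves to deprecated or is replaced by a preview version.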
