Configure data based on Security Technical Information Guide (STIG)
Applies To: Windows PowerShell 5.1
Before you enable Automation State Configuration, we would like you to know that a newer version of DSC is now generally available, managed by a feature of Azure Policy named guest configuration. The guest configuration service combines features of DSC Extension, Azure Automation State Configuration, and the most commonly requested features from customer feedback. Guest configuration also includes hybrid machine support through Arc-enabled servers.
Creating configuration content for the first time can be challenging. In many cases, the goal is to automate configuration of servers following a "baseline" that hopefully aligns to an industry recommendation.
This article refers to a solution that is maintained by the Open Source community. Support is only available in the form of GitHub collaboration, not from Microsoft.
Community project: PowerSTIG
Dealing with baselines is more complicated than it sounds. Many organizations need to document exceptions to rules and manage that data at scale. PowerSTIG addresses the problem by providing Composite Resources that each cover one area of the configuration, rather than trying to cover the entire range of settings in one large file.
Once the configurations have been generated, you can use the DSC Configuration scripts to generate MOF files and upload the MOF files to Azure Automation. Then register your servers from either on-premises or in Azure to pull configurations.
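The workflow described above, as an added example that is not taken from this article or from the PowerSTIG project. It assumes the PowerSTIG module and its dependent DSC resource modules are installed on the authoring machine and imported into the Automation account, and that the Az.Automation module is installed with an active sign-in. The node name, STIG version, rule ID, resource group, and account name are placeholders.

```powershell
# Added example. Every value in angle brackets is a placeholder to replace before running.
configuration StigBaseline
{
    Import-DscResource -ModuleName PowerSTIG

    # 'MemberServer' is a hypothetical node name; it becomes the MOF file name.
    Node 'MemberServer'
    {
        # One composite resource covers one area (here, the Windows Server OS STIG)
        # instead of one large file holding every setting.
        WindowsServer Baseline
        {
            OsVersion   = '2019'
            OsRole      = 'MS'               # member server
            # Pin a STIG version that ships with the installed PowerSTIG module.
            StigVersion = '<stig-version>'
            # Rules your organization has a documented exception for are skipped here,
            # so the exception lives in source control next to the baseline.
            SkipRule    = @('<rule-id>')
        }
    }
}

# Compile the configuration; this writes MemberServer.mof under .\mof
$outputPath = Join-Path -Path $PWD -ChildPath 'mof'
StigBaseline -OutputPath $outputPath | Out-Null

# Upload the compiled MOF to Azure Automation as a node configuration.
# It appears in the account as 'StigBaseline.MemberServer'.
$importParams = @{
    Path                  = Join-Path -Path $outputPath -ChildPath 'MemberServer.mof'
    ConfigurationName     = 'StigBaseline'
    ResourceGroupName     = '<resource-group>'
    AutomationAccountName = '<automation-account>'
    Force                 = $true
}
Import-AzAutomationDscNodeConfiguration @importParams
```

Registered servers that are assigned the `StigBaseline.MemberServer` node configuration then pull and apply it through their Local Configuration Manager.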
- To understand PowerShell DSC, see Windows PowerShell Desired State Configuration overview.
- Find out about PowerShell DSC resources in DSC Resources.
- For details of Local Configuration Manager configuration, see Configuring the Local Configuration Manager.