Skip to content

Latest commit

 

History

History
55 lines (46 loc) · 2.79 KB

overview.md

File metadata and controls

55 lines (46 loc) · 2.79 KB
title description ms.date ms.topic
How to develop a custom machine configuration package
Learn how to author and validate custom machine configuration packages to audit and enforce state.
02/01/2024
how-to

How to develop a custom machine configuration package

Can we add a note in here about creating a custom policy based on a policy that already exists? This is a very common scenario and we get tons of CRIs from customers who have tried to do this and done it incorrectly. They often think they can directly copy an existing assignment and paste it into a new one, but the data that appears in the portal for an existing assignment is not the same as what needs to be included in a new assignment. I think putting a note about this in this doc as well as a link to instructions on how to succesfully duplicate an assignment correctly (and test it) would really help.

Before you begin, it's a good idea to read the overview page for machine configuration.

Machine configuration uses Desired State Configuration (DSC) when auditing and configuring both Windows and Linux. The DSC configuration defines the condition that the machine should be in.

Important

Custom packages that audit the state of an environment and apply configurations are in Generally Available (GA) support status. However, the following limitations apply:

To use machine configuration packages that apply configurations, Azure VM guest configuration extension version 1.26.24 or later, or Arc agent 1.10.0 or later, is required.

The GuestConfiguration module is only available on Ubuntu 18 and later. However, the package and policies produced by the module can be used on any Linux distribution and version supported in Azure or Arc.

Testing packages on macOS isn't available.

Don't use secrets or confidential information in custom content packages.

Use the following steps to develop your own configuration for managing the state of an Azure or non-Azure machine.

  1. Set up a machine configuration authoring environment
  2. Create a custom machine configuration package artifact
  3. Test the package artifact
  4. Publish the package artifact
  5. Provide access to a package
  6. Sign the package artifact

The following video provides a step by step guide on how to author a custom machine configuration policy using the GuestConfiguration PowerShell module.

[!VIDEO https://www.youtube.com/embed/75MTIftSEfk?si=tiJwHNlXckpM7k75]