Azure – Azure Policy now audits installed applications on VMs

You may already know Azure Policy, introduced during Ignite 2018.

If not, Azure Policy can apply audit settings to virtual machines (VMs) running on Azure. The first policies can audit password security settings on both Windows and Linux VMs, or the encryption protocol used by IIS (TLS; in this case the VM is compliant if TLS 1.1 or 1.2 is enabled and other protocols are disabled).

A new policy (prefixed with Preview) has been introduced to audit applications installed on Windows.

Enable the audit policy

Using the portal

    • Access the Subscriptions blade (if you have multiple subscriptions you have to repeat the next step for each)


    • Reach the Resource providers configuration blade and search for Microsoft.GuestConfiguration to enable it


The registration process may take a few minutes

Using PowerShell

    • You must have the Azure PowerShell module installed
    • Connect to your Azure tenant



    • Execute the following command (keep in mind it registers the provider only for the default/current subscription you are connected to; if you have multiple subscriptions you will have to repeat it for each one)

Register-AzureRmResourceProvider -ProviderNamespace 'Microsoft.GuestConfiguration'

Once executed, the command returns the RegistrationState as Registering

You can check that the registration process has completed using the following command; it must then return Registered for the RegistrationState

Get-AzureRmResourceProvider -ProviderNamespace 'Microsoft.GuestConfiguration'
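
The two commands above handle one subscription at a time. The script below is an added example, not part of the original post: it repeats the registration for every subscription the signed-in account can see and waits until each one reports Registered. It assumes an existing Connect-AzureRmAccount session and AzureRM 6.x (subscription objects expose Id and Name); the timeout values and the Get-ProviderState helper are illustrative.

```powershell
# Added example: register Microsoft.GuestConfiguration in every visible
# subscription and wait for each registration to complete.
$namespace  = 'Microsoft.GuestConfiguration'
$timeoutSec = 600   # assumed upper bound per subscription
$pollSec    = 15    # assumed polling interval

function Get-ProviderState {
    param([string]$Namespace)
    # One object is returned per resource type; they share one RegistrationState.
    Get-AzureRmResourceProvider -ProviderNamespace $Namespace |
        Select-Object -First 1 -ExpandProperty RegistrationState
}

$report = foreach ($sub in Get-AzureRmSubscription) {
    # Provider registration is scoped to a subscription, so switch context first.
    Set-AzureRmContext -SubscriptionId $sub.Id | Out-Null
    try {
        if ((Get-ProviderState $namespace) -ne 'Registered') {
            Register-AzureRmResourceProvider -ProviderNamespace $namespace -ErrorAction Stop |
                Out-Null
        }
        # Poll until the state leaves Registering or the timeout expires.
        $deadline = (Get-Date).AddSeconds($timeoutSec)
        while ((Get-ProviderState $namespace) -ne 'Registered' -and (Get-Date) -lt $deadline) {
            Start-Sleep -Seconds $pollSec
        }
        $state = Get-ProviderState $namespace
    }
    catch {
        # Typically a missing permission to register providers on this subscription.
        $state = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Subscription      = $sub.Name
        SubscriptionId    = $sub.Id
        RegistrationState = $state
    }
}

# Any row that is not 'Registered' will have no Guest Configuration audit data.
$report | Format-Table -AutoSize
```

A subscription left in any state other than Registered will not report Guest Configuration compliance results, so review the table before assigning the policies.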



Apply the policy

  • You can apply a policy using either Desired State Configuration for Windows machines or Chef InSpec for Linux machines

The policies are available through the Policy blade on the Azure portal


When you go to the Definitions blade and filter for the Guest Configuration category you will be able to see all the policies applied – including the new ones prefixed with Preview


You can then assign the policy or policies you want using Policy Assignment\Assign policy, adding each policy you want to apply




The compliance results are available through the Compliance blade

