Control: Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs
Description
This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must be deployed to machines before using any Windows Guest Configuration policy definition.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.compute_vm_guest_configuration_installed_windowsSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.compute_vm_guest_configuration_installed_windows --shareSQL
This control uses a named query:
with agent_installed_vm as ( select distinct a.vm_id from azure_compute_virtual_machine as a, jsonb_array_elements(extensions) as b where b ->> 'Publisher' = 'Microsoft.GuestConfiguration' and b ->> 'ProvisioningState' = 'Succeeded' and b ->> 'ExtensionType' = 'ConfigurationforWindows' and b ->> 'Name' like '%AzurePolicyforWindows')select a.vm_id as resource, case when a.os_type <> 'Windows' then 'skip' when b.vm_id is not null then 'ok' else 'alarm' end as status, case when a.os_type <> 'Windows' then a.title || ' is of ' || a.os_type || ' operating system.' when b.vm_id is not null then a.title || ' have guest configuration extension installed.' else a.title || ' guest configuration extension not installed.' end as reason , a.resource_group as resource_group , sub.display_name as subscriptionfrom azure_compute_virtual_machine as a left join agent_installed_vm as b on a.vm_id = b.vm_id, azure_subscription as subwhere sub.subscription_id = a.subscription_id;