azure-policy icon indicating copy to clipboard operation
azure-policy copied to clipboard
verified publisher icon Azure

Issue with Linux Guest Configuration extension builin policy

Open bbz94 opened this issue 9 months ago • 0 comments

Can you exclude where imagePublisher is "paloaltonetworks" from this build in Azure policy "Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs"? https://github.com/Azure/azure-policy/blob/de1af0528eae0da93993fc1bc09de3f5f6cc5cee/built-in-policies/policyDefinitions/Guest%20Configuration/DeployExtensionLinux_Prerequisite.json#L30

According Palo Alto kb article VM does not support any Azure extensions to be installed on the PA-VM and services like waagent cannot be installed on the VM-Series: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UlWCAU

Because of this we cannot convert from Managed disk to Unmanaged disk on Palo Alto VM.

Azure build in policy by default should not install any extension on Palo Alto VM if its not supported.

bbz94 avatar Mar 13 '25 10:03 bbz94