azure-docs
azure-docs copied to clipboard
MicrosoftDocs
docs: Documentation lacks info on how to deploy/audit VM Applications with Azure Policy
This document lacks the information about how to deploy/audit VM applications with Azure Policy. The only "official" Microsoft documentation I could find is this: https://devblogs.microsoft.com/azure-vm-runtime/managing-vm-applications-with-azure-policies
I'd like to see it included in the official Microsoft documentation.
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
- ID: 1990fefe-9aee-5205-04aa-02ad58016077
- Version Independent ID: 9737fc6f-99a0-563a-b809-348326155834
- Content: Create and deploy VM application packages - Azure Virtual Machines
- Content Source: articles/virtual-machines/vm-applications-how-to.md
- Service: virtual-machines
- Sub-service: gallery
- GitHub Login: @nikhilpatel909
- Microsoft Alias: jushiman
@rdtechie Thanks for your feedback! We will investigate and update as appropriate.
@rdtechie Yes, here are some links to official Microsoft documentation that provide more information on how to deploy and audit VM applications with Azure Policy:
Deploy applications to VMs using the Custom Script Extension: https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
Create and manage policies using the Azure Policy service: https://docs.microsoft.com/en-us/azure/governance/policy/overview
I hope these links are helpful. If you have any further questions or concerns, please let me know.
@rdtechie Yes, here are some links to official Microsoft documentation that provide more information on how to deploy and audit VM applications with Azure Policy:
Deploy applications to VMs using the Custom Script Extension: docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
Create and manage policies using the Azure Policy service: docs.microsoft.com/en-us/azure/governance/policy/overview
I hope these links are helpful. If you have any further questions or concerns, please let me know.
No they are not. Those are very generic. I expect to find information to find in the location that I've provided above. Now I have to scramble information together myself to get this working. I kindly request to just create an additional section in that article that shows how to do this with Azure Policy. It can even be a curated version of the blogpost that I provided.
@rdtechie Thanks for bringing this to our attention. I'm going to assign this to the document author so they can take a look at it accordingly.
@rdtechie This might be helpful. https://www.azadvertizer.net/azpolicyadvertizer/25c202a4-16b4-403f-82d4-0dba3e3e689a.html We have however NOT gotten it to work for new deployment of a VM, but remediate works.
Would also like a status on this issue @AjayBathini-MSFT & @ericd-mst-github
@rdtechie, I am currently reviewing this and will update on next steps soon.
Managed to get the community policy working and have a PR here https://github.com/Azure/Community-Policy/pull/454. Hopefully this is helpful in the meantime.
@rdtechie, Thank you for your feedback. The document has been updated as part of several updates for Azure Learning and published. Please submit separate feedback for anything else to review/triage. #please-close
docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
Thank you but I am not seeing an update on the page?
docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
Thank you but I am not seeing an update on the page?
Policy does not remediate automatically on deployment of Windows VM
The PR has the fix made available. Please check the documentation. Should there be any other feedback, I request you to submit separate feedback for us to review/address. Thank you!
@Padmalathas @GabstaMSFT
I am really confused. I don't see an update on this page: https://learn.microsoft.com/en-us/azure/virtual-machines/vm-applications-how-to?tabs=portal
Can you give me the link where the documentation has been added?
@rdtechie, Thank you for checking. May I request you to please log a new ticket/file issue for us to track the documentation to the referenced article? This requires updating the doc to explain how a Policy would be used to deploy an app on a VM if the app on a VM doesn't exist. Currently, deployIfNotExists is an effect that's used in a Policy definition. So, if a VM didn't have an app that's supposed to be installed, the remediation is to install the app on the VM.