Azure Policy Guest Configuration provides the capability to audit settings inside VMs on Azure. The newest policy offers the ability to check for installed applications.

There are three Guest Configuration policies in preview. The first policy, which audits password security settings for both Windows and Linux, was released at Ignite 2018.

We have added a policy to audit the encryption protocol in use by Windows Server IIS. The VM will be compliant if TLS version 1.1 or 1.2 is enabled and other protocols are disabled. The policy is named “[Preview]: Audit web server security settings inside Windows VMs.”
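To spot-check a single server against the rule described above, the following PowerShell is an added example, not the policy's own logic or code from the Guest Configuration project. It assumes the standard SCHANNEL registry location, treats SSL 2.0, SSL 3.0 and TLS 1.0 as the "other protocols", and counts an unset value as unproven because protocol defaults vary by Windows version.

```powershell
# Added example: local approximation of the rule stated in the text.
# Assumption: only the server-side 'Enabled' value is read; 'DisabledByDefault' is ignored.
$Base    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$Allowed = 'TLS 1.1', 'TLS 1.2'
$Legacy  = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'   # assumed meaning of "other protocols"

function Get-SchannelServerState {
    # Returns 'Enabled', 'Disabled' or 'NotConfigured' (value absent: OS default applies).
    param([string]$Protocol)
    $key = Get-ItemProperty -Path "$Base\$Protocol\Server" -ErrorAction SilentlyContinue
    if ($null -eq $key -or $null -eq $key.Enabled) { return 'NotConfigured' }
    if ($key.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Test-TlsRule {
    # $State maps a protocol name to one of the state strings above.
    param([hashtable]$State)
    $findings = @()
    $enabledAllowed = @($Allowed | Where-Object { $State[$_] -eq 'Enabled' })
    if ($enabledAllowed.Count -eq 0) {
        $findings += 'Neither TLS 1.1 nor TLS 1.2 is explicitly enabled'
    }
    foreach ($p in $Legacy) {
        if ($State[$p] -ne 'Disabled') {
            $findings += "$p is $($State[$p]), expected Disabled"
        }
    }
    [pscustomobject]@{ Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample: TLS 1.0 was never set, so it is flagged rather than trusted.
$sample = @{
    'SSL 2.0' = 'Disabled'; 'SSL 3.0' = 'Disabled'; 'TLS 1.0' = 'NotConfigured'
    'TLS 1.1' = 'Enabled';  'TLS 1.2' = 'Enabled'
}
Test-TlsRule -State $sample | Format-List

# Live check, only where the SCHANNEL key exists (Windows).
if (Test-Path $Base) {
    $live = @{}
    foreach ($p in $Allowed + $Legacy) { $live[$p] = Get-SchannelServerState -Protocol $p }
    Test-TlsRule -State $live | Format-List
}
```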

We recently published the third policy that audits whether an application is installed inside Windows VMs. The policy is named “[Preview]: Audit applications inside Windows VMs.”

Examples of how this could be used:

VMs must have the latest antimalware solution.

VMs must have a monitoring agent.

VMs must include Chef or Puppet agents.

The policy checks whether Windows lists the software as an installed application. It does not scan the file system. The intent is to validate trusted software for operational requirements.

A new video series guides customers through their first experience in using Azure Policy Guest Configuration.

What would you like to audit inside virtual machines? Tweet us by using #azurepolicy, or add an item to the issues list with your suggestion.