I'm looking for a way to automate the installation of VM applications in Azure. While I know that extending VMs with policies like deploying the Microsoft IaaSAntimalware extension on Windows servers is relatively easy, it seems that automating the installation of VM Applications isn't quite as straightforward. Has anyone successfully implemented a method for automating the onboarding of these applications using Azure Policy or alternative automation techniques? I'm thinking of using Azure Functions or Automation Accounts triggered upon VM creation, but I prefer using Azure Policy for compliance tracking. Any suggestions would be greatly appreciated!
4 Answers
I've had success adding VM applications directly using Terraform. It works great for our RMM tools, which need to be enforced across all server and AVD modules.
I typically handle this with Terraform too. You can configure both extensions and VM Applications within a VM Scale Set, ensuring any VMs created inherit those settings.
How are you deploying your VMs? Integrate it into your automation process—if you’re using Terraform, Bicep, or ARM templates, that’s the way to go. If you don’t have those, an Automation Account with PowerShell will work, too.
Using Azure Policy is definitely doable. We set this up for a client using the 'deploy if not exist' rule to pull applications from a gallery.

I mainly deploy VMs with Bicep, and it works fine. The issue is when external users manually create VMs via the portal. But I’ve just managed to create an Azure policy that automates this, so that helps! Thanks for the advice!
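
The Automation Account with PowerShell route suggested in the answers, as an added example that is not code from any poster in this thread: a sweep that finds VMs missing a required VM Application (for instance VMs created by hand in the portal) and attaches it. It assumes the Az.Compute module and an already authenticated context; the function name `Add-RequiredVmApplication` is hypothetical and the package ID in the usage comment is a placeholder.

```powershell
#Requires -Modules Az.Accounts, Az.Compute
# Added example: attach a required VM Application to every VM that lacks it.
# Assumes the session is already signed in (in an Automation Account runbook,
# typically with the account's managed identity via Connect-AzAccount -Identity).
function Add-RequiredVmApplication {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Resource ID of the gallery application version to enforce.
        [Parameter(Mandatory)][string]$PackageReferenceId
    )

    foreach ($entry in Get-AzVM) {
        # Re-fetch each VM by name so the full model is available for Update-AzVM.
        $vm = Get-AzVM -ResourceGroupName $entry.ResourceGroupName -Name $entry.Name

        # -eq is case-insensitive for strings, which suits ARM resource IDs.
        $present = @($vm.ApplicationProfile.GalleryApplications |
            Where-Object { $_.PackageReferenceId -eq $PackageReferenceId })
        if ($present.Count -gt 0) {
            Write-Verbose "$($vm.Name): application already assigned"
            continue
        }

        # -WhatIf reports which VMs would be changed without touching them.
        if ($PSCmdlet.ShouldProcess($vm.Name, 'Add VM Application')) {
            $app = New-AzVmGalleryApplication -PackageReferenceId $PackageReferenceId
            $vm  = Add-AzVmGalleryApplication -VM $vm -GalleryApplication $app
            Update-AzVM -ResourceGroupName $vm.ResourceGroupName -VM $vm | Out-Null

            # Emit one record per remediated VM for the job log.
            [pscustomobject]@{
                ResourceGroup = $vm.ResourceGroupName
                Name          = $vm.Name
                Added         = $PackageReferenceId
            }
        }
    }
}

# Usage (placeholder ID, replace with your gallery application version):
# Add-RequiredVmApplication -PackageReferenceId '<gallery-application-version-resource-id>' -WhatIf
```

Run with `-WhatIf` first to list the VMs that would be modified; the emitted records give a per-run log of what was changed.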