You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/governance/policy/concepts/guest-configuration.md
+13-7Lines changed: 13 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,25 +17,31 @@ extension and client. The extension, through the client, validates settings such
17
17
At this time, most Azure Policy Guest Configuration policies only audit settings inside the machine. They don't
18
18
apply configurations. The exception is one built-in policy [referenced below](#applying-configurations-using-guest-configuration).
19
19
20
+
## Resource provider
21
+
22
+
Before you can use Guest Configuration, you must register the resource provider. The resource provider is registered
23
+
automatically if assignment of a Guest Configuration policy is done through the portal. You can manually register
24
+
through the [portal](../../../azure-resource-manager/management/resource-providers-and-types.md#azure-portal), [Azure PowerShell](../../../azure-resource-manager/management/resource-providers-and-types.md#azure-powershell), or [Azure CLI](../../../azure-resource-manager/management/resource-providers-and-types.md#azure-cli).
25
+
20
26
## Extension and client
21
27
22
28
To audit settings inside a machine, a [virtual machine
23
29
extension](../../../virtual-machines/extensions/overview.md) is enabled. The extension downloads
24
30
applicable policy assignment and the corresponding configuration definition.
25
31
32
+
> [!Important]
33
+
> The Guest Configuration extension is required to perform audits in Azure virtual machines.
34
+
> To deploy the extension at scale, assign the following policy definitions:
35
+
> - Deploy prerequisites to enable Guest Configuration Policy on Windows VMs.
36
+
> - Deploy prerequisites to enable Guest Configuration Policy on Linux VMs.
37
+
26
38
### Limits set on the extension
27
39
28
40
To limit the extension from impacting applications running inside the machine, the Guest
29
41
Configuration isn't allowed to exceed more than 5% of CPU. This limitation exists for
30
42
both built-in and custom definitions.
31
43
32
-
## Register Guest Configuration resource provider
33
-
34
-
Before you can use Guest Configuration, you must register the resource provider. You can register
35
-
through the [portal](../../../azure-resource-manager/management/resource-providers-and-types.md#azure-portal), [Azure PowerShell](../../../azure-resource-manager/management/resource-providers-and-types.md#azure-powershell), or [Azure CLI](../../../azure-resource-manager/management/resource-providers-and-types.md#azure-cli). The resource provider is registered automatically if
36
-
assignment of a Guest Configuration policy is done through the portal.
37
-
38
-
## Validation tools
44
+
### Validation tools
39
45
40
46
Inside the machine, the Guest Configuration client uses local tools to run the audit.
0 commit comments