I am trying to create a simple Azure policy to audit compliance of a security rule (using a custom package artifact), and apply the policy to an Azure VM (Windows Server 2019). The policy reports '100% (0 out of 0)' compliance and returns no results. The problem seems to be that there is no guest assignment being automatically created.
The DSC from which the policy is derived looks like:

    Configuration TwelveCharMinPassword
    {
        param
        (
            [ValidateRange(12,999)]
            [Int32]$Password_Length = 12
        )

        Import-DSCResource -ModuleName 'PSDscResources'
        Import-DSCResource -ModuleName 'AuditPolicyDSC' #-ModuleVersion '1.1.0.0'
        Import-DSCResource -ModuleName 'SecurityPolicyDSC' #-ModuleVersion '2.1.0.0'

        AccountPolicy "Ensure system passwords that are at least 12 characters" {
            Minimum_Password_Length = $Password_Length
            Name = "Minimum_Password_Length"
        }
    }

    TwelveCharMinPassword

The generated policy definition JSON also contains the following metadata, which I think should lead it to create a guest configuration, but it does not (the content URI has been removed for security purposes):

    "category": "Guest Configuration",
    "version": "1.0.0",
    "requiredProviders": [
        "Microsoft.GuestConfiguration"
    ],
    "guestConfiguration": {
        "name": "TwelveCharMinPassword",
        "version": "True",
        "contentType": "Custom",
        "contentUri": ""
    },

I have tried creating and publishing the policy using the following, and then assigning it to a VM through the Azure portal.

    $DscName = "TwelveCharMinPassword"
    $guid = [guid]::NewGuid().ToString()

    # create policy definition and save locally
    $PolicyConfig = @{
        PolicyId      = $guid
        ContentUri    = ""
        DisplayName   = "TwelveCharMinPasswordPolicy"
        Description   = "Twelve Char Min Password Policy"
        Path          = "./policies"
        Platform      = 'Windows'
        PolicyVersion = '1.0.0'
    }
    New-GuestConfigurationPolicy @PolicyConfig -Verbose

    # Publish policy definition to Azure
    $JsonPath = 'policies/'+$DscName+'_AuditIfNotExists.json'
    $PolicyJson = Get-Content -Path $JsonPath -Raw
    Write-Output ''
    Write-Output 'Publishing policy definition to Azure'
    New-AzPolicyDefinition -Name $DscName -Policy $PolicyJson -Verbose

After assignment of the policy, the expectation was for a guest assignment to be created but this has not happened, and no error message has been presented.