The definition is located HERE in my AzurePolicy GitHub repo.
To validate my thoughts, I have developed a Policy definition to do just that. At that time, I thought wouldn’t it be so easy if Azure Policy is used, and we can automatically deploy MS Antimalware VM extension with a default list of folders, files and processes to be excluded for SQL.
During my engagement, we had few instances that the Azure SQL VMs that we have deployed did not get appropriate AV exclusion settings applied. They do not use the Microsoft Antimalware VM extension, but instead, all the AV settings were pushed to Azure VMs via SCCM. The customer uses only Terraform to deploy resources to Azure, and the use of Azure Policy was very limited in that environment. I have just finished a very lengthy engagement, where I had been working exclusively on Terraform. Azure Policy for Deploy Anti-malware VM Extension for SQL VMs
0 kommentar(er)
