You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?
Click on the arrows to vote for the correct answer
A. B. C. D.B
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines.
Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSC-Service so that target nodes automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud or on-premises.
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-startedThe correct answer is B. Azure Automation State Configuration.
Explanation: Azure Automation State Configuration is a cloud-based configuration management service that enables you to write, manage, and compile PowerShell Desired State Configuration (DSC) configurations for the resources in your environment. Azure Automation State Configuration helps you maintain the desired state of your Azure resources and automatically fix configuration drift.
To disable unused Windows features automatically as instances of the virtual machines are provisioned, you can create a PowerShell Desired State Configuration (DSC) configuration file that specifies the features you want to disable. You can then apply this configuration file to the virtual machines using Azure Automation State Configuration.
Option A: Device configuration policies in Microsoft Intune are used to manage settings and features on devices that are enrolled with Intune. However, Intune is primarily used for managing mobile devices, and it may not be the best solution for managing virtual machines.
Option C: Security policies in Azure Security Center are used to monitor and enforce compliance with security best practices. However, they are not designed to manage Windows features.
Option D: Device compliance policies in Microsoft Intune are used to assess whether devices are compliant with your organization's security policies. They are not designed to manage Windows features.
In summary, Azure Automation State Configuration is the most appropriate solution for disabling unused Windows features automatically as instances of the virtual machines are provisioned.