You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?
Click on the arrows to vote for the correct answer
A. B. C. D.B
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines. Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSC Service so that target nodes automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud or on- premises.
The correct answer for the given scenario is B. Azure Automation State Configuration.
Explanation:
Azure Automation State Configuration provides a powerful way to manage configurations of virtual machines running in Azure or on-premises environments. It uses DSC (Desired State Configuration) to define and enforce the state of a target machine to ensure that it meets the configuration requirements.
In this scenario, the goal is to disable unused Windows features automatically as instances of the virtual machines are provisioned. Azure Automation State Configuration can be used to achieve this by defining a configuration file that contains the settings to be applied to the virtual machines. This configuration file can be stored in an Azure Storage Account, and Azure Automation will then deploy the configuration to the virtual machines as they are provisioned.
The configuration file can be defined to disable any unused Windows features by specifying the appropriate PowerShell commands. For example, the following PowerShell command can be used to disable the Telnet client feature:
Disable-WindowsOptionalFeature -FeatureName TelnetClient -Online
Once the configuration file is defined, Azure Automation can be used to apply the configuration to the virtual machines automatically. As new virtual machines are provisioned, the configuration will be automatically applied, ensuring that all virtual machines are configured according to the defined settings.
Device compliance policies in Microsoft Intune are used to enforce policies and settings on mobile devices and computers that are managed by Intune. This is not applicable to the scenario given as it is not focused on managing mobile devices or computers.
Application security groups are used to provide network security by grouping virtual machines together based on their application requirements. This is not applicable to the scenario given as it is not focused on network security.
Azure Advisor provides recommendations for optimizing the performance, security, and reliability of Azure resources. It is not applicable to the scenario given as it does not provide a way to automatically disable unused Windows features.