You have an Azure virtual machine named VM1 that runs Windows Server.
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You need to ensure that you can use the Azure Policy guest configuration feature to manage VM1.
What should you do?
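A. Add the PowerShell Desired State Configuration (DSC) extension to VM1.
B. Configure VM1 to use a user-assigned managed identity.
C. Configure VM1 to use a system-assigned managed identity.
D. Add the Custom Script Extension to VM1.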
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/guest-configuration
The correct answer is C. Configure VM1 to use a system-assigned managed identity.
Explanation:
Azure Policy is a service in Azure that you can use to create, assign, and manage policies. Guest configuration policies allow you to define rules that apply to resources running in an Azure environment, including virtual machines (VMs).
To use the Azure Policy guest configuration feature to manage VM1, you need to configure VM1 to use a managed identity. A managed identity is an Azure Active Directory (Azure AD) object that you can use to authenticate to services that support Azure AD authentication. There are two types of managed identities:
In this case, you should use a system-assigned managed identity because it is simpler to configure and manage. To enable the system-assigned managed identity for VM1, follow these steps:
After enabling the system-assigned managed identity for VM1, you can use it to manage VM1 using Azure Policy guest configuration.
Option A (Add the PowerShell Desired State Configuration (DSC) extension to VM1) is incorrect because the PowerShell DSC extension is used to apply and monitor configurations on VMs, but it is not related to Azure Policy guest configuration.
Option B (Configure VM1 to use a user-assigned managed identity) is incorrect because it requires additional steps to create and configure a user-assigned managed identity, which is not necessary in this case.
Option D (Add the Custom Script Extension to VM1) is incorrect because the Custom Script Extension is used to run custom scripts on VMs, but it is not related to Azure Policy guest configuration.