Extensions are how we perform various automation tasks on a Virtual Machine. Microsoft already has plenty of good documentation on extensions. This article is about how to apply extensions on Virtual Machines.
There are three things to know about extensions. First, their availability depends on the region (that is, your Virtual Machine's current region). Second, there are many publishers, not just Microsoft. There's more on the publisher name in a moment. Third, an extension can have many specific versions.
We can invoke the following command to list the publishers available in a region, which is the starting point for finding extensions.
Get-AzVmImagePublisher -Location "CentralUS"
This command will return a lot of results including publisher name and location. Notice that the PublisherName is more like a namespace than a publisher concept. Next, we want to figure out the “namespace” we are interested in. If we are focused on just Microsoft specific extensions, we can apply the following filter on PublisherName.
Get-AzVmImagePublisher -Location "CentralUS" | Where { $_.PublisherName.StartsWith("Microsoft.") }
Let’s assume we are interested in the Security of a virtual machine. We will execute the following command.
Get-AzVMExtensionImageType -PublisherName "Microsoft.Azure.Security" -Location "CentralUS" | Get-AzVMExtensionImage | Select Type, Version, PublisherName
Next, if we are focused on antimalware, we can run the following command, which will give us all antimalware-related versions.
Get-AzVMExtensionImage -Type IaaSAntimalware -PublisherName "Microsoft.Azure.Security" -Location "CentralUS"
Finally, we are ready to apply the antimalware extension to our Virtual Machine using the Set-AzVMExtension PowerShell cmdlet.
$SettingsString = "{ ""AntimalwareEnabled"": true }"
Set-AzVMExtension -ResourceGroupName "foobar" -Location "CentralUS" -VMName "MyVM1" -Name "IaaSAntimalware" -Publisher "Microsoft.Azure.Security" -Type "IaaSAntimalware" -TypeHandlerVersion "1.3" -SettingString $SettingsString
Notice that in the SettingsString variable, we can configure specific settings related to antimalware. Refer to Microsoft’s documentation for more details on how to fine-tune your desired settings.
We can verify on the Azure Portal if IaaSAntimalware is enabled.
Clicking on IaaSAntimalware would give us the full details.
Another way to verify that IaaSAntimalware installed successfully is to use the following Get-AzVM PowerShell cmdlet. Notice the Status parameter.
Get-AzVM -ResourceGroupName "foobar" -Status -Name "MyVM1"
There’s an example of applying the IaaSAntimalware extensions on all virtual machines in a resource group.
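One way to do this, written as an added example and not the author's original script: it reuses the article's sample resource group, publisher and handler version, skips non-Windows VMs (the extension targets Windows guests), leaves VMs that already have the extension untouched, and reports the provisioning state of each VM so coverage gaps are visible.

```powershell
# Added example. "foobar" and version "1.3" are the article's sample values.
$ResourceGroupName = "foobar"
$ExtensionName     = "IaaSAntimalware"
$SettingsString    = '{ "AntimalwareEnabled": true }'

$report = foreach ($vm in Get-AzVM -ResourceGroupName $ResourceGroupName) {
    $result = [ordered]@{ VMName = $vm.Name; Action = ""; ProvisioningState = "" }

    # IaaSAntimalware is a Windows guest extension; skip other operating systems.
    if ($vm.StorageProfile.OsDisk.OsType -ne "Windows") {
        $result.Action = "Skipped (not Windows)"
        [pscustomobject]$result
        continue
    }

    # Returns nothing (error suppressed) when the extension is not installed.
    $existing = Get-AzVMExtension -ResourceGroupName $ResourceGroupName `
        -VMName $vm.Name -Name $ExtensionName -ErrorAction SilentlyContinue

    if ($existing -and $existing.ProvisioningState -eq "Succeeded") {
        $result.Action = "Already installed"
    }
    else {
        try {
            # Use the VM's own location so mixed-region resource groups work.
            Set-AzVMExtension -ResourceGroupName $ResourceGroupName `
                -Location $vm.Location -VMName $vm.Name -Name $ExtensionName `
                -Publisher "Microsoft.Azure.Security" -Type "IaaSAntimalware" `
                -TypeHandlerVersion "1.3" -SettingString $SettingsString `
                -ErrorAction Stop | Out-Null
            $result.Action = "Installed"
        }
        catch {
            # A stopped or deallocated VM, for example, ends up here.
            $result.Action = "Failed: $($_.Exception.Message)"
        }
        $existing = Get-AzVMExtension -ResourceGroupName $ResourceGroupName `
            -VMName $vm.Name -Name $ExtensionName -ErrorAction SilentlyContinue
    }

    $result.ProvisioningState = if ($existing) { $existing.ProvisioningState } else { "NotInstalled" }
    [pscustomobject]$result
}

# One row per VM; anything other than "Succeeded" needs follow-up.
$report | Format-Table -AutoSize
```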
That’s it folks! Happy coding!