{ "properties": { "mode": "Indexed", "description": "This policy deploys the Windows Guest Configuration extension to Azure Windows VMs", "metadata": { "category": "Guest Configuration" }, "policyRule": { "if": { "allOf": [ { "field": "type", "equals": "Microsoft.Compute/virtualMachines" }, { "field": "Microsoft.Compute/imagePublisher", "equals": "MicrosoftWindowsServer" }, { "field": "Microsoft.Compute/imageSKU", "notLike": "2008*" } ] } , "then": { "effect": "deployIfNotExists", "details": { "roleDefinitionIds": [ "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], "type": "Microsoft.Compute/virtualMachines/extensions", "name": "AzurePolicyforWindows", "existenceCondition": { "allOf": [ { "field": "Microsoft.Compute/virtualMachines/extensions/publisher", "equals": "Microsoft.GuestConfiguration" }, { "field": "Microsoft.Compute/virtualMachines/extensions/type", "equals": "ConfigurationforWindows" }, { "field": "Microsoft.Compute/virtualMachines/extensions/provisioningState", "equals": "Succeeded" } ] }, "deployment": { "properties": { "mode": "incremental", "parameters": { "vmName": { "value": "[field('name')]" }, "location": { "value": "[field('location')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "vmName": { "type": "string" }, "location": { "type": "string" } }, "resources": [ { "apiVersion": "2019-07-01", "name": "[concat(parameters('vmName'), '/AzurePolicyforWindows')]", "type": "Microsoft.Compute/virtualMachines/extensions", "location": "[parameters('location')]", "properties": { "publisher": "Microsoft.GuestConfiguration", "type": "ConfigurationforWindows", "typeHandlerVersion": "1.1", "autoUpgradeMinorVersion": true, "enableAutomaticUpgrade": true, "settings": {}, "protectedSettings": {} } } ] } } } } } } } }