This article explains how we can manage and configure desired state configuration (DSC) in Azure Virtual Machine using Automation Account. We will also use ARM template to hook a windows or Linux machine to automation account DSC.

Benefits of using DSC with Automation Account

• To be able to configure machines identically with the aim to standardise them

• A pull server is created and the nodes contact this server at regular intervals to check any drift in the configuration and auto correct if needed.

• The management of multiple machines to visualise their compliance status in a single dashboard.

Step 1: Create an Azure Automation Account

In Azure Marketplace, select IT & Management Tools menu and select Automation to create a new Automation Account.

For Create Azure Run As account, choose Yes so that the artifacts to simplify authentication to Azure are enabled automatically. When the information is complete, click Create to start the Automation account deployment.

Step 2: Create a configuration

Once the Automation Account is deployed successfully, Navigate to State Configuration (DSC) and click Add to upload a new DSC configuration file.

Create a sample PowerShell script file as paste below code into that and upload the file via above Import wizard.

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force 
configuration ServerConfig
{
	Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node localhost
    {
		
		WindowsFeature InstallWebServer
		{
			Ensure               = 'Present'
			Name                 = 'Web-Server'
		}

    }
}

You will need to compile a DSC configuration to a node configuration (MOF document) before it can be assigned to a node. Compilation validates the configuration and allows for the input of parameter values.

From the menu options, select Compile and then click Yes.

In the Configuration view, you see a new compilation job queued. When the job has completed successfully, you are ready to move on to the next step. If there are any failures, you can click on the compilation job for details.

Onboard a node to the DSC through ARM template

To provision a new Virtual machine with a DSC configuration attached to it using ARM templates, add below JSON to resources section of ARM template file

{
	"type": "Microsoft.Compute/virtualMachines/extensions",
	"name": "[concat(parameters('vmName'),'/DSC-vm')]",
	"apiVersion": "2019-03-01",
	"location": "[variables('location')]",
	"dependsOn": [
	  "[resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName'))]",
	  "[parameters('automationAccountName')]"
	],
	"properties": {
	  "publisher": "Microsoft.Powershell",
	  "type": "DSC",
	  "typeHandlerVersion": "2.9",
	  "autoUpgradeMinorVersion": true,
	  "protectedSettings": {
		"Items": {
		  "registrationKeyPrivate": "[listKeys(resourceId(parameters('automationAccountResourceGroup'),'Microsoft.Automation/automationAccounts/', parameters('automationAccountName')), '2018-06-30').Keys[0].value]"
		}
	  },
	  "settings": {
		"advancedOptions": {
		  "forcePullAndApply": true
		},
		"properties": [
		  {
			"Name": "RegistrationKey",
			"Value": {
			  "UserName": "PLACEHOLDER_DONOTUSE",
			  "Password": "PrivateSettingsRef:registrationKeyPrivate"
			},
			"TypeName": "System.Management.Automation.PSCredential"
		  },
		  {
			"Name": "RegistrationUrl",
			"Value": "[reference(concat('Microsoft.Automation/automationAccounts/', parameters('automationAccountName'))).registrationUrl]",
			"TypeName": "System.String"
		  },
		  {
			"Name": "NodeConfigurationName",
			"Value": "[parameters('configurationFunction')]",
			"TypeName": "System.String"
		  },
		  {
			"Name": "ConfigurationMode",
			"Value": "ApplyandMonitor",
			"TypeName": "System.String"
		  },
		  {
			"Name": "RebootNodeIfNeeded",
			"Value": true,
			"TypeName": "System.Boolean"
		  },
		  {
			"Name": "ActionAfterReboot",
			"Value": "ContinueConfiguration",
			"TypeName": "System.String"
		  },
		  {
			"Name": "RefreshFrequencyMins",
			"Value": "30",
			"TypeName": "System.Int32"
		  },
		  {
			"Name": "ConfigurationModeFrequencyMins",
			"Value": "15",
			"TypeName": "System.Int32"
		  }
		]
	  }
	}
  }

Onboard a node to the DSC through Portal

To assign a compiled node configuration to a DSC node,In Automation Account, select State Configuration (DSC) and then click the Nodes tab. Click on Add.

Select a Virtual Machine from the list and click on Connect to assign node configuration

Click OK. State Configuration now assigns the compiled configuration to the node, and the node status changes to Pending. On the next periodic check, the node retrieves the configuration, applies it, and reports status. It can take up to 30 minutes for the node to retrieve the configuration, depending on the node settings.

You can view the status of all State Configuration-managed nodes in your Automation account. The information is displayed by choosing State Configuration (DSC) and clicking the Nodes tab. You can filter the display by status, node configuration, or name search.