Cloud Computing

Getting Started with Azure Automation Desired State Configuration


In today’s Ask the Admin, I’ll show you how to create an Azure Automation account, upload and compile a DSC configuration, and on board an Azure VM.

In Introduction to Azure Automation Desired State Configuration on the Petri IT Knowledgebase, I explained how Azure Automation Desired State Configuration (DSC) relieves organizations of some of the infrastructure requirements of PowerShell DSC, along with other advantages, including controlling who can access DSC configurations, assign them to nodes, and check node configuration compliance. Today we’re going to get down to business and configure Azure Automation DSC.

Create a DSC script

Before we can test out Azure Automation DSC, we’ll need a DSC script. For the purposes of this demonstration, we’ll use a basic script that checks for the presence of a text file (test.txt). If the file is not present, it’s created.

Configuration FileResourceDemo
     Node "localhost"              
       File CreateFile {                                     
         DestinationPath = 'C:\Test.txt'                                            
         Ensure = "Present"                                     
         Contents = 'Hello World!'                         

You can copy the above code into Notepad or the Windows PowerShell ISE. Save the script to your PC as TestDSC.ps1

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

Create an Azure Automation account

Azure Automation DSC requires an Azure Automation account in addition to the Microsoft account associated with your subscription. If you don’t already have an Azure Automation account, create one using the steps below.

Add an Azure Automation account (Image Credit: Russell Smith)
Add an Azure Automation account (Image Credit: Russell Smith)
  • Log in to the Azure management portal here.
  • In the left pane of the portal, click + New.
  • In the New pane, click Management, and then in the Management pane, click Automation.
  • In the Add Automation Account pane, enter a Name for the new account.
  • Select an active Azure subscription from the dropdown menu.
  • Check Create new under Resource group and enter a name for the new group.
  • Select a location from the dropdown menu.
  • Make sure that Create Azure Run As account is set to Yes.
  • Click Create to deploy the new account.

You’ll need to wait a few minutes for the accounted to be created. To check if the account has been created successfully:

  • In the left pane of the portal window, click Browse >, and then Automation Accounts.
  • In the Automation Accounts pane, click your automation account.
Add an Azure Automation account (Image Credit: Russell Smith)
Add an Azure Automation account (Image Credit: Russell Smith)

Add a DSC configuration to Azure Automation

Now that we have created an Azure Automation account, let’s add the DSC configuration script that we created earlier to Azure.

  • In the DSC Configurations pane, click Add a configuration.
  • In the Import pane, click the folder icon to browse for a configuration file, select TestDSC.ps1 and click OK.
  • Wait for status to change to Published, and then click on the TestDSC.ps1 filename in the DSC Configurations pane.
  • In the DSC Configurations pane, click Add a configuration, and then Compile in Configuration pane.
Add a DSC node (Image Credit: Russell Smith)
Add a DSC node (Image Credit: Russell Smith)

Again, we’ll need to wait a few minutes for DSC script to be compiled into a MOF file.

On board an Azure VM

The final step is to on board a VM (node) and assign the DSC configuration. Note that it’s also possible to on board VMs hosted by cloud providers other than Microsoft, and on premise servers.

  • Go back to Automation Account pane, and click the DSC Nodes tile.
  • In the DSC Nodes pane, click Add Azure VM.
  • In the Add Azure VMs pane, click Select Virtual Machines to onboard, and select the VM(s) you’d like to on board.
  • In the Add Azure VMs pane, click Configure registration data.
Add a DSC node (Image Credit: Russell Smith)
Add a DSC node (Image Credit: Russell Smith)
  • In the Registration pane, enter the name of your DSC configuration, as it appears on the Automation Account pane, into the Node Configuration Name field. In this example, the configuration name is FileResourceDemo.localhost.
  • Leave the default settings for Refresh Frequency and Configuration Mode Frequency,
  • Make sure that ApplyAndMonitor is selected from the Configuration Mode dropdown menu, and then click OK.
  • Back in the Add Azure VMs pane, click Create. Note that the VM should be powered on.

Adding the node can take up to ten minutes. It could take even more time for the configuration to apply to the node(s), depending on the refresh and configuration mode frequencies set. But you should connect to the node using RDP and check if test.txt was created.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: