Cloud Computing

Introduction to Azure Automation Desired State Configuration


In today’s Ask the Admin, I’ll explain the ins and outs of Azure Automation Desired State Configuration.

Azure Automation Desired State Configuration (DSC) is composed of two key technologies: Azure Automation, a cloud service that’s been around for a couple of years, and PowerShell DSC, a declarative syntax based on PowerShell that allows system administrators to define device configuration.

Azure Automation

If you’re not already familiar with Azure Automation, it’s a management platform for automating and maintaining cloud resources using a PowerShell-based workflow engine (runbooks). Azure Automation can be used to automate and schedule routine tasks, such as starting and stopping virtual machines, restarting web services or doing anything that is supported by Azure PowerShell. And just like PowerShell, the platform is extensible, so in theory, any internet-connected service or platform can be managed.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

For more information on Azure Automation, see Getting Started with Microsoft Azure Automation and How to Use Microsoft Azure Automation on the Petri IT Knowledgebase.

PowerShell DSC

PowerShell Desired State Configuration is similar to Puppet and Chef, and is used for configuring servers and preventing configuration drift. Rather than scripting a configuration, for instance install this component, set registry keys and then reboot the server, DSC uses a declarative syntax that defines how servers should be configured without specifying a list of tasks needed to achieve the result. It’s like Group Policy on steroids, allowing servers to be configured without specialist knowledge of how components should be installed.

For more information on DSC, see Why PowerShell’s Desired State Configuration Should Matter to You and Deploying a Desired State Configuration Web Host Using PowerShell on Petri.

Azure Automation DSC

One of the problems with DSC is that to be really useful, it requires some infrastructure, usually in the form of a pull server from which nodes retrieve configurations, and even then doesn’t scale well. That’s where Azure Automation DSC comes in. When you create an Azure Automation account, a DSC pull and reporting server are automatically configured from which your cloud or on premise Windows and Linux VMs (nodes) can get MOF files, meaning that you don’t need to have a VM running 24/7 for the purposes of DSC.

A key advantage of Azure Automation DSC is the cloud-based pull server that’s automatically deployed and managed by Microsoft, but there are also a host of other features. The service allows organizations to control who can access DSC configurations and assign them to nodes. Changes to configuration can also be tracked, recording when and how configurations are applied to nodes. There’s also a reporting server so you can check for VM compliance against your configurations.

It’s also possible to combine the use of Azure Automation runbooks and DSC. For example, runbooks can come in useful if you want to coordinate a process and configure VMs as part of a larger operation.


Azure Automation DSC comes in Free and Basic tiers, and is charged according the number of nodes registered with the pull server. The free tier supports up to five nodes, after which you need to switch to the basic tier, which costs $6/month per node. Click here for more information on pricing.

Look out for more articles on Petri soon, where I’ll show you how to work with Azure Automation DSC.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: