Secure your cloud with all-new AZ Policy & Machine Config features - Mutemwa Masheke - PSConfEU 2025
Author: PowerShell Conference EU
Uploaded: 2025-07-18
Views: 469
Description:
PowerShell Conference EU
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
Full title:
Secure your cloud environment with all-new Azure Policy and Machine Configuration features!
Abstract:
Come learn about the latest Microsoft Azure releases that enable you to securely govern your cloud environment using Infrastructure-as-Code! From Azure Policy selectors and overrides for safe deployment, to private storage of Machine Configuration packages, we will showcase how you can leverage PowerShell to amplify speed and control in your Azure environment. Whether you manage Windows or Linux servers, on-prem, multi-cloud or Azure native, this session will help you amplify cloud innovation by enabling speed and control in your Azure environment. Opportunities for Q&A, feature enhancements and requests will be provided at the end of this session. We’d love to hear from you!
Summary (autogen):
Mutemwa Masheke presents an extensive overview of security features in Azure Machine Configuration, delving into both current capabilities and future developments in the realm of machine config and Azure Policy. The session provides insights into how these features can enhance server management and compliance within Azure environments, making them particularly relevant for developers and IT professionals engaged in cloud infrastructure management.
Mutemwa begins by introducing Azure Machine Configuration, explaining that it allows for the configuration of operating systems, applications, and workloads as code, facilitating uniform deployments across both Azure and on-premises environments. By leveraging PowerShell Desired State Configuration (DSC), users can author policies tailored to their unique requirements or utilize built-in policies designed to simplify implementation and reduce overhead. He emphasizes the importance of a cloud-native management approach, allowing for efficient deployment at scale.
The discussion then transitions to Azure Policy, which works in conjunction with Machine Configuration. This service provides guardrails for developers to enforce compliance at scale, supports grouping policies, and enables exemptions for specific scenarios to safeguard deployment practices. Mutemwa explains the added value for those familiar with Active Directory Group Policy, highlighting how Azure Policy guarantees idempotent deployments, ensuring that remediation policies can be enforced consistently across a fleet of virtual machines.
Mutemwa also highlights recent investments in enhancing SSH capabilities and audit policies, specifying that the configurations align with industry compliance standards. He talks about the challenges faced when managing Linux machines and introduces custom tooling available for users needing to run specific scripts, such as for package management or credentials handling. The lecture covers the lifecycle of configuration as code, detailing how to generate a Managed Object Format (MOF) file for testing before deployment, and underlining the recent addition of user-assigned managed identities for secure package access.
A key part of the lecture focuses on upcoming features in Azure Machine Configuration, showcasing their commitment to integrating user-assigned and system-assigned managed identities. Mutemwa elaborates on how an upcoming public preview will enable simpler secure access to configuration packages without the requirement for SAS tokens, improving security standards in deployments. He discusses a robust roadmap that includes enhanced experiences for managing operating system settings directly in Azure Resource Manager, and the migration of security baselines from traditional systems like Active Directory to Azure.
Mutemwa pays particular attention to user customizations and compliance reporting, detailing how the planned wizard will assist users in generating templates for security baselines and provide customizable settings within regulatory frameworks. The emphasis on fostering a user-friendly experience illustrates Microsoft’s intent to streamline compliance management efforts within organizations.
Chapters:
00:00:00 Secure your cloud environment with all-new Azure Policy and Machine Configuration features! - Mutemwa Masheke
00:00:13 Introduction and Overview
00:01:58 Azure Machine Configuration Explained
00:03:10 Understanding Azure Policy
00:05:26 Investments in SSH and Security Policies
00:06:53 Configuration as Code Challenges
00:08:52 User-Assigned Managed Identities
00:13:46 System-Assigned Managed Identities
00:20:02 Upcoming Features and Improvements
00:22:01 Roadmap for Future Developments
00:26:02 Customizing Security Baselines
00:28:14 Version Management and Compliance
00:31:26 Migrating from GPOs to Policies
00:33:52 Inventory of Server Settings
00:35:33 Q&A Session
00:40:05 Addressing Audience Questions
00:43:57 Conclusion and Closing Remarks