JSON
Copy definition
{ 6 items displayName: "Onboard Azure VM and Arc connected machines to Azure Automation DSC" , mode: "Indexed" , description: "Deploys the DSC extension to onboard nodes to Azure Automation DSC. Does not assign a configuration." , metadata: { 1 item } , policyRule: { 2 items if: { 1 item anyOf: [ 2 items { 1 item allOf: [ 2 items { 2 items field: "type" , equals: "Microsoft.Compute/virtualMachines" } , { 1 item anyOf: [ 10 items { 2 items field: "Microsoft.Compute/imagePublisher" , in: [ 7 items "esri" , "incredibuild" , "MicrosoftDynamicsAX" , "MicrosoftSharepoint" , "MicrosoftVisualStudio" , "MicrosoftWindowsDesktop" , "MicrosoftWindowsServerHPCPack" ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftWindowsServer" } , { 2 items field: "Microsoft.Compute/imageSKU" , notLike: "2008*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "MicrosoftSQLServer" } , { 2 items field: "Microsoft.Compute/imageOffer" , notLike: "SQL2008*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "microsoft-dsvm" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "dsvm-windows" } ] } , { 1 item } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "batch" } , { 2 items field: "Microsoft.Compute/imageOffer" , equals: "rendering-windows2016" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "center-for-internet-security-inc" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "cis-windows-server-201*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "pivotal" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "bosh-windows-server*" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/imagePublisher" , equals: "cloud-infrastructure-services" } , { 2 items field: "Microsoft.Compute/imageOffer" , like: "ad*" } ] } , { 1 item } ] } ] } , { 1 item } ] } , then: { 2 items effect: "deployIfNotExists" , details: { 4 items roleDefinitionIds: [ 1 item "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ] , type: "[if(equals(tolower(field('Type')),'microsoft.compute/virtualmachines'),'Microsoft.Compute/virtualMachines/extensions','Microsoft.HybridCompute/machines/extensions')]" , name: "DSC" , deployment: { 1 item properties: { 3 items mode: "incremental" , parameters: { 4 items } , template: { 5 items $schema: "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 4 items } , variables: { 1 item automationAccountName: "[last(split(parameters('automationAccount'),'/'))]" } , resources: [ 2 items { 6 items condition: "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]" , type: "Microsoft.Compute/virtualMachines/extensions" , name: "[concat(parameters('machineName'),'/DSC')]" , apiVersion: "2019-07-01" , location: "[parameters('location')]" , properties: { 6 items publisher: "Microsoft.Powershell" , type: "DSC" , typeHandlerVersion: "2.80" , autoUpgradeMinorVersion: true , protectedSettings: { 1 item Items: { 1 item registrationKeyPrivate: "[listKeys(parameters('automationAccount'), '2018-01-15').Keys[0].value]" } } , settings: { 1 item Properties: [ 2 items { 3 items Name: "RegistrationKey" , Value: { 2 items UserName: "PLACEHOLDER_DONOTUSE" , Password: "PrivateSettingsRef:registrationKeyPrivate" } , TypeName: "System.Management.Automation.PSCredential" } , { 3 items Name: "RegistrationUrl" , Value: "[reference(parameters('automationAccount'),'2018-01-15').registrationUrl]" , TypeName: "System.String" } ] } } } , { 6 items condition: "[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]" , type: "Microsoft.HybridCompute/machines/extensions" , name: "[concat(parameters('machineName'),'/DSC')]" , apiVersion: "2019-12-12" , location: "[parameters('location')]" , properties: { 6 items publisher: "Microsoft.Powershell" , type: "DSC" , typeHandlerVersion: "2.80" , autoUpgradeMinorVersion: true , protectedSettings: { 1 item Items: { 1 item registrationKeyPrivate: "[listKeys(parameters('automationAccount'), '2018-01-15').Keys[0].value]" } } , settings: { 1 item Properties: [ 2 items { 3 items Name: "RegistrationKey" , Value: { 2 items UserName: "PLACEHOLDER_DONOTUSE" , Password: "PrivateSettingsRef:registrationKeyPrivate" } , TypeName: "System.Management.Automation.PSCredential" } , { 3 items Name: "RegistrationUrl" , Value: "[reference(parameters('automationAccount'),'2018-01-15').registrationUrl]" , TypeName: "System.String" } ] } } } ] } } } } } } , parameters: { 1 item automationAccount: { 2 items type: "String" , metadata: { 4 items displayName: "Automation account" , description: "Select Automation account from dropdown list. If this account is outside of the scope of the assignment you must manually grant 'Contributor' permissions (or similar) on the Automation account to the policy assignment's principal ID." , strongType: "Microsoft.Automation/automationAccounts" , assignPermissions: true } } } }