Hello EnterpriseArchitect, welcome to Microsoft Q&A. Thank you for posting your query here. You can use Azure Policy to audit the presence of extensions and applications on virtual machines. This policy definition audits virtual machines that don't have any extensions installed and don't have WinRM configured for HTTPS.
{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        {
          "not": {
            "field": "Microsoft.Compute/virtualMachines/extensions[*].name",
            "exists": "true"
          }
        },
        {
          "not": {
            "field": "Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.winRM.listeners[*].protocol",
            "equals": "Https"
          }
        }
      ]
    },
    "then": {
      "effect": "audit"
    }
  },
  "parameters": {}
}
You can modify this policy definition to audit for specific extensions or applications.
To view the report for this policy, you can use the Azure Policy compliance dashboard.
Here is an example of using PowerShell to get the compliance report for this policy:
# Requires the Az.PolicyInsights module and an authenticated session (Connect-AzAccount).
$policyDefinitionName = "audit-virtual-machines-without-extensions"

# Get-AzPolicyState returns the compliance records for the definition; the OData
# filter keeps only the resources that are currently non-compliant.
$policyCompliance = Get-AzPolicyState -PolicyDefinitionName $policyDefinitionName `
    -Filter "ComplianceState eq 'NonCompliant'"

$policyCompliance | Select-Object ResourceId, ComplianceState, Timestamp
This will return a list of all virtual machines that are non-compliant with the policy. You can use this information to take action to remediate the non-compliant virtual machines.
Hope this is helpful. Please consider accepting the answer to help increase the visibility of this question for other members of the Microsoft Q&A community. If not, please let us know what is still needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
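The answer above says the definition can be modified to audit for specific extensions. The following script is an added example, not code from the answer or from Microsoft, showing one way to do that end to end: it defines a policy that flags Windows VMs missing a named extension, assigns it at subscription scope, triggers an on-demand evaluation, and lists the non-compliant VMs. Because a VM extension is a child resource, a plain "audit" rule evaluated against Microsoft.Compute/virtualMachines cannot see it; the example therefore uses the auditIfNotExists effect with an existenceCondition on the extension's publisher and type, which is the pattern Azure's built-in extension policies use. The subscription ID, the policy and assignment names, and the choice of Azure Monitor Agent for Windows (publisher Microsoft.Azure.Monitor, type AzureMonitorWindowsAgent) as the required extension are all assumptions chosen for this example; replace them with your own values.

```powershell
# Added example: audit Windows VMs that lack a required extension, then report non-compliance.
# Requires the Az.Resources and Az.PolicyInsights modules and an authenticated session (Connect-AzAccount).

# --- Assumed values (placeholders for this example; replace with your own) ---
$subscriptionId = '00000000-0000-0000-0000-000000000000'
$scope          = "/subscriptions/$subscriptionId"
$definitionName = 'audit-vm-missing-required-extension'
$assignmentName = 'audit-vm-missing-required-extension-assignment'

# Extension to require. Azure Monitor Agent for Windows is used as the example target.
$requiredPublisher = 'Microsoft.Azure.Monitor'
$requiredType      = 'AzureMonitorWindowsAgent'

# Policy rule only: New-AzPolicyDefinition -Policy takes the if/then rule, not the whole definition.
# auditIfNotExists marks the VM non-compliant unless a child
# Microsoft.Compute/virtualMachines/extensions resource matches the existenceCondition.
$policyRule = @"
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
      { "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType", "equals": "Windows" }
    ]
  },
  "then": {
    "effect": "auditIfNotExists",
    "details": {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "existenceCondition": {
        "allOf": [
          { "field": "Microsoft.Compute/virtualMachines/extensions/publisher", "equals": "$requiredPublisher" },
          { "field": "Microsoft.Compute/virtualMachines/extensions/type", "equals": "$requiredType" },
          { "field": "Microsoft.Compute/virtualMachines/extensions/provisioningState", "equals": "Succeeded" }
        ]
      }
    }
  }
}
"@

Set-AzContext -SubscriptionId $subscriptionId | Out-Null

# Create the custom definition in the subscription and assign it at subscription scope.
$definition = New-AzPolicyDefinition -Name $definitionName `
    -DisplayName "Audit Windows VMs without $requiredPublisher/$requiredType" `
    -Policy $policyRule -Mode 'All'

$assignment = New-AzPolicyAssignment -Name $assignmentName `
    -PolicyDefinition $definition -Scope $scope

# Evaluation normally runs on a schedule; trigger an on-demand scan so results exist now.
# This call blocks until the scan finishes (add -AsJob to run it in the background).
Start-AzPolicyComplianceScan

# Report only the non-compliant VMs for this assignment.
Get-AzPolicyState -PolicyAssignmentName $assignment.Name `
    -Filter "ComplianceState eq 'NonCompliant'" |
    Select-Object ResourceId, ResourceGroup, ResourceLocation, Timestamp |
    Format-Table -AutoSize
```

The provisioningState check in the existenceCondition matters for the security purpose of the audit: an extension that is present but failed to install should still count as missing, otherwise a VM with a broken agent reports as compliant. Remove the osType condition if the same publisher and type should also be required on Linux VMs.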