I am creating a policy to enable the custom script extension through policy, but it's not working. I am using a free trial; will it work in a free trial or not?

Akhil reddy 0 Reputation points
2024-02-28T05:04:33.06+00:00
{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        {
          "anyOf": [
            {
              "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
              "equals": "Linux"
            },
            {
              "field": "Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration",
              "exists": true
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "deployIfNotExists",
      "details": {
        "type": "Microsoft.Compute/virtualMachines/extensions",
        "existenceCondition": {
          "field": "Microsoft.Compute/virtualMachines/extensions/type",
          "equals": "CustomScript"
        },
        "deployment": {
          "properties": {
            "mode": "incremental",
            "template": {
              "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "location": {
                  "type": "string"
                },
                "virtualMachineName": {
                  "type": "string"
                }
              },
              "resources": [
                {
                  "name": "[concat(parameters('virtualMachineName'),'/', 'CustomScriptExtension')]",
                  "type": "Microsoft.Compute/virtualMachines/extensions",
                  "apiVersion": "2023-03-01",
                  "location": "[parameters('location')]",
                  "properties": {
                    "publisher": "Microsoft.Compute",
                    "type": "CustomScript",
                    "typeHandlerVersion": "1.10",
                    "autoUpgradeMinorVersion": true,
                    "settings": {
                      "fileUris": [
                        "https://"
                      ],
                      "commandToExecute": "sh script.sh"
                    },
                    "protectedSettings": {}
                  }
                }
              ]
            },
            "parameters": {
              "location": {
                "value": "[field('location')]"
              },
              "virtualMachineName": {
                "value": "[field('name')]"
              }
            }
          }
        },
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
        ]
      }
    }
  },
  "parameters": {}
}

1 answer

  1. Ryan Hill 26,146 Reputation points Microsoft Employee
    2024-03-02T22:02:34.5+00:00

    Hi @Akhil reddy,

    You didn't specify what error you received, but a free trial account wouldn't prohibit your Azure policy from working.

    I also shared a sample policy below. It's similar to the one above but it's scaled back and handles custom script as a scriptFileUri instead. You can try uploading your script to an Azure Storage account and retrieve the script that way.

    {
      "mode": "All",
      "policyRule": {
        "if": {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines/extensions"
        },
        "then": {
          "effect": "deployIfNotExists",
          "details": {
            "type": "Microsoft.Compute/virtualMachines/extensions",
            "existenceCondition": {
              "field": "Microsoft.Compute/virtualMachines/extensions/type",
              "equals": "CustomScriptExtension"
            },
            "deployment": {
              "properties": {
                "mode": "incremental",
                "template": {
                  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                  "contentVersion": "1.0.0.0",
                  "parameters": {
                    "vmName": {
                      "type": "string"
                    },
                    "location": {
                      "type": "string"
                    },
                    "scriptFileUri": {
                      "type": "string"
                    }
                  },
                  "resources": [
                    {
                      "name": "[concat(parameters('vmName'),'/CustomScriptExtension')]",
                      "type": "Microsoft.Compute/virtualMachines/extensions",
                      "location": "[parameters('location')]",
                      "apiVersion": "2018-06-01",
                      "properties": {
                        "publisher": "Microsoft.Compute",
                        "type": "CustomScriptExtension",
                        "typeHandlerVersion": "1.9",
                        "autoUpgradeMinorVersion": true,
                        "settings": {
                          "fileUris": [
                            "[parameters('scriptFileUri')]"
                          ]
                        },
                        "protectedSettings": {
                          "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File ', './', last(split(parameters('scriptFileUri'), '/')))]"
                        }
                      }
                    }
                  ]
                },
                "parameters": {
                  "vmName": {
                    "value": "[field('name')]"
                  },
                  "location": {
                    "value": "[field('location')]"
                  },
                  "scriptFileUri": {
                    "value": "[parameters('scriptFileUri')]"
                  }
                }
              }
            }
          }
        }
      },
      "parameters": {
        "scriptFileUri": {
          "type": "String",
          "metadata": {
            "displayName": "Script file URI",
            "description": "The URI of the script file to be executed by the custom script extension."
          }
        }
      }
    }
    

    You can try this example to see if it works. If it doesn't, comment down below with the error messages you're seeing.

    0 comments No comments
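
An added example, not part of the original thread and not Microsoft tooling: a small Python linter for a deployIfNotExists definition of the kind posted here, checking the remediation role, template parameters, the extension handler pair, and where the command and script URI are placed. The function name `lint_dine`, the finding strings and the `QUESTION_POLICY` sample (a constructed reduction of the question's policy) are assumptions made for illustration.

```python
import json
import re

# Documented (publisher, type) pairs for the Custom Script extension.
KNOWN_HANDLERS = {("Microsoft.Azure.Extensions", "CustomScript"),   # Linux
                  ("Microsoft.Compute", "CustomScriptExtension")}    # Windows
CONTRIBUTOR = "b24988ac-6180-42a0-ab88-20f7382dd24c"  # role GUID used in the question

def lint_dine(policy):
    """Return findings for a deployIfNotExists policy that deploys a script extension."""
    out = []
    details = policy["policyRule"]["then"]["details"]
    roles = details.get("roleDefinitionIds", [])
    if not roles:
        out.append("roleDefinitionIds missing")
    if any(r.lower().endswith(CONTRIBUTOR) for r in roles):
        out.append("Contributor is broader than an extension deployment needs")
    tmpl = details["deployment"]["properties"]["template"]
    used = set(re.findall(r"parameters\('([^']+)'\)", json.dumps(tmpl["resources"])))
    for name in sorted(used - set(tmpl.get("parameters", {}))):
        out.append(f"undeclared template parameter: {name}")
    for res in tmpl["resources"]:
        props = res["properties"]
        settings = props.get("settings", {})
        if (props["publisher"], props["type"]) not in KNOWN_HANDLERS:
            out.append(f"undocumented handler: {props['publisher']}/{props['type']}")
        if "commandToExecute" in settings:
            out.append("commandToExecute is in unencrypted settings")
        for uri in settings.get("fileUris", []):
            # Accept a full HTTPS URL or a template expression such as [parameters('x')].
            if not re.match(r"(https://[^/\s]+/\S+|\[.+\])$", uri):
                out.append(f"incomplete or non-HTTPS fileUri: {uri}")
    return out

# Constructed sample: the deployment details of the policy posted in the question.
QUESTION_POLICY = {"policyRule": {"then": {"details": {
    "roleDefinitionIds": ["/providers/Microsoft.Authorization/roleDefinitions/" + CONTRIBUTOR],
    "deployment": {"properties": {"template": {
        "parameters": {"location": {}, "virtualMachineName": {}},
        "resources": [{
            "name": "[concat(parameters('virtualMachineName'),'/CustomScriptExtension')]",
            "location": "[parameters('location')]",
            "properties": {"publisher": "Microsoft.Compute", "type": "CustomScript",
                           "settings": {"fileUris": ["https://"],
                                        "commandToExecute": "sh script.sh"}}}]}}}}}}}

if __name__ == "__main__":
    print("\n".join(lint_dine(QUESTION_POLICY)))
```

Run against the sample, it reports the Contributor role, the Microsoft.Compute/CustomScript pair, the command in public settings and the empty fileUris entry.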