![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
798 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hi @Anonymous ,
Welcome to Microsoft Q&A! Thanks for posting the question.
I understand that you are trying to enable Account Lockout policy to multiple VMs in Azure Subscription. There are many ways to achieve it at scale, and following are some of the options available:
Method 1 - Using Azure Active Directory Domain Services managed domains
If these VMs are connected to Azure Active Directory Domain Services managed domain, you may define Password and account lockout policies using Azure AD. For more details, please refer to Password and account lockout policies on Azure Active Directory Domain Services managed domains
Method 2 - Using Azure Policy
This involves multiple steps and understanding of Guest Configuration feature of Azure Policy. This is particularly useful if you want to manage local settings on VMs such as - OS settings, Application configuration or presence and Environment settings. This can also be used for auditing/applying local Group Polices. Therefore, if you want to enable the Account Lockout Policy on each VMs, you may use this option. This method involes:
- Creating a guest configuration content artifact (.zip)
- Validating the package meets requirements
- Installing the guest configuration agent locally for testing
- Validating the package can be used to audit settings in a machine
- Validating the package can be used to configure settings in a machine
- Publishing the package to Azure storage
- Creating a policy definition
- Publishing the policy
You may refer to this How-to-guide to understand this process in detail and the complete walkthrough. Some of the Azure Policy's built-in packages for guest configuration are available here for your reference - List of built-in packages for guest configuration - Azure Policy
Method 3 - Using PowerShell
Group Policy PowerShell module can be used to configure local policy for a machine. You may also use it in Azure Automation for automatic update of local group policy setting on all the VMs/subset of VMs.
Please let me know if you have any questions.
---
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.