Azure Desired State Configuration Demo
Start course
1h 21m

Microsoft Azure is a robust, feature-rich cloud platform used by a growing number of technology companies. With its vast array of services, a key challenge to administering an Azure environment is security. How can we ensure that our Azure infrastructure meets strict security standards? This course offers the answer.

In three concise units, the student will learn all about compliance and cloud security. The course delves into several key Azure components, including Azure DevOps, Azure Security Center, Desired State Configuration, and Azure Pipelines. After completing the lessons and watching the video demonstrations, the student will be equipped with the knowledge to automate critical security tasks to ensure a thoroughly hardened cloud architecture.

This skill set will serve infrastructure developers working with live environments or seeking to pass certification exams. Most importantly, it will help students understand cloud security in a comprehensive and thorough way.

For feedback, queries, or suggestions relating to this course, please contact us at

Learning Objectives

  • Scan infrastructure using Azure tools to prevent drift leading to compliance violations
  • Automate configuration using Azure Automation and Desired State Configuration
  • Create secure and compliant software pipelines in Azure

Intended Audience

This course is intended for:

  • Those looking to learn more about the security and compliance features in Azure
  • People studying for Microsoft's AZ-400 exam


To get the most from this course, you should already have a basic understanding of Microsoft Azure as well as some knowledge of programming and cloud infrastructure. 


Okay, howdy and welcome to the first video demo for section two in our course on Azure security and compliance. In this video, we're going to do a brief introduction to Azure Desired State Configuration in the Azure web portal. We're going to show how to first import a node into our DSC system so that it can be assigned configurations. Then we'll create a very simple DSC script so you can see some code. And then finally, we'll upload our DSC code, we'll compile it and we'll assign it to a node at which point we can see the node become compliant.

So we'll start by importing a node into our DSC account. So, we'll assume you already have a node ready to go that you know how to launch a node. So one thing to be aware of is the region mapping between nodes in Azure Automation services. We'll have links about that in the lesson. But basically, to import nodes, there's a couple of ways you can do it. You can use the CLI tools or the API or you can use the Web Console. Now for this demo, we're gonna use the Web Console because it makes it easier to see exactly what's happening. But of course, do be aware everything we do here can be readily scripted, using PowerShell.

If you have to do, do it at a larger scale, pointing and clicking around for lots of nodes can be kind of painful. So to actually import the node, we'll just go into our automation account for this will use this basicAccount2 and we can look and see information about nodes in DSC portal in the state configuration DSC section.

Now, when we go here, we can see that initially, there are no nodes available. So we wanna add a node, we're gonna click on Add. And this will show us the nodes are available here we can see there's only one. So we click on that node and to connect we just click Connect. And there's some default configuration here, we can change if you want but for our purposes, the default is fine. And this will take a second. Now be aware that if your node is not in the right region, you'll probably get an error in this connection period. It'll bubble up. So do be aware of that issue make sure that the account and the nodes are in the right regions.

Okay, so once the node connects and it might take a little while for the connection to finish, you'll be able to see the node in your state configuration portal. You'll see it here. So once we have that, we want to next assign some DSC configuration to it and before that, we have to create the code of that configuration. So we can do this a couple of ways. We can write the script and in a file and upload it. We can also use the built in text editor here, we can go to compose configuration, and write the script right there. We're going to use the former method, we're gonna write a configuration file and upload it, so to do that, we click on configurations, and we click on Add. Now, I'm not gonna edit a whole thing from scratch. I actually have some basic config from Microsoft documentation, which I can show you right here. Very short, simple file. So what we're gonna do is upload this file. We'll go to our uploader here, here we can see it, we can add a description we'll say, some test config, obviously you wanna do a better screen description than that and then just click OK. And your that file, that TestConfig.ps1 file, it will be uploaded into the dashboard. So we can see it right there.

Now, once that's done and saved, we now have the configuration ready to go in our account, but we can't assign it to the node as is, before we can assign it to our node we need to compile it. This is also pretty simple to do. We just go select the configuration that we're interested in and we're gonna select compile. Yes, we're sure we wanna compile it. Now, if there is an error in the config, it will show up here. The compilation will fail if there's a syntax error, for example. And it takes a second to run this compilation, but once it's done, we'll be able to actually use it.

Okay, and once again, once the compilation is done and it might take a little bit, we should see in the compiled configuration section, we should see that test config is available, it's now usable. So we can actually assign this to a node, which is pretty straightforward. We click on our nodes, and we go to assign node configuration. And then we should see the available compiled configurations. There's one here, we'll select that and it'll assign it to a node and what's really cool is that once it is assigned, DSC will automatically check to see that the node is compliant with that configuration. So we can go back and we can refresh. And we can see we have one node here. And it's pending to check if it is compliant and once that check is finished, it will go green here, we'll see that it's compliant. So you can see why we would want our security policies incorporated into DSC. We effectively automate security compliance by having it all in this one place.

So that's it for this demo. You should now have a basic understanding of Azure DSC and how to use it in the Azure portal. So thank you for watching. And here it is now, it's green, it's compliant.


Course Introduction - Compliance & Security Scanning - Security Center Demo - Preventing Drift - ARM, Activity Log & Track Changes Demo - Desired State Configuration (DSC) - Azure Automation State Configuration - VM Agents & Extensions - VM Agents & Extensions Demo - Security & Compliance Pipelines - Azure Pipelines & Gates Demo - Course Summary

About the Author

Jonathan Bethune is a senior technical consultant working with several companies including TopTal, BCG, and Instaclustr. He is an experienced devops specialist, data engineer, and software developer. Jonathan has spent years mastering the art of system automation with a variety of different cloud providers and tools. Before he became an engineer, Jonathan was a musician and teacher in New York City. Jonathan is based in Tokyo where he continues to work in technology and write for various publications in his free time.