Preconditions
Related command
az vmss create and az vmss update
Resource Provider
Microsoft.Compute/virtualMachineScaleSets
Description of Feature or Work Requested
We need to update the existing --security-posture-reference parameter in both az vmss create and az vmss update to support the latest REST API specs for VMSS. This would include the following changes:
- update existing
--security-posture-reference-exclude-extensions to receive type string[]
- add new parameter
--security-posture-reference-is-overridable with the type boolean
Minimum API Version Required
2024-03-01
Swagger PR link / SDK link
Azure/azure-rest-api-specs#28891
Request Example
https://github.com/Azure/azure-rest-api-specs/blob/main/specification/compute/resource-manager/Microsoft.Compute/ComputeRP/stable/2024-03-01/examples/virtualMachineScaleSetExamples/VirtualMachineScaleSet_Create_WithSecurityPostureReference.json
Target Date
2024-09-30
PM Contact
hylee
Engineer Contact
dymartinez
Additional context
Until the next release for CRP is cut (anticipating ~09/05, then +2 weeks to roll out) the required bits for testing this feature are only accessible in East US 2 EUAP (Slice 5, subscription: 5393f919-a68a-43d0-9063-4b2bda6bffdf).
Additionally, you can use the following as the --security-posture-reference-id: "/communityGalleries/securityPostureBVTGallery/securityPostures/VMSSUniformWindows/versions/latest" for testing. For validating ExcludeExtensions using --security-posture-reference-exclude-extensions, you can use "SecurityPostureSecurityAgent" and it will be excluded from the VMSS.
For additional questions, you may find insightful details in this Wiki page: https://dev.azure.com/msazure/AzureWiki/_wiki/wikis/AzureWiki.wiki/636324/Virtual-Machine-Scale-Sets-(VMSS) or feel free to ping me directly.
Preconditions
Related command
az vmss createandaz vmss updateResource Provider
Microsoft.Compute/virtualMachineScaleSets
Description of Feature or Work Requested
We need to update the existing
--security-posture-referenceparameter in bothaz vmss createandaz vmss updateto support the latest REST API specs for VMSS. This would include the following changes:--security-posture-reference-exclude-extensionsto receive typestring[]--security-posture-reference-is-overridablewith the typebooleanMinimum API Version Required
2024-03-01
Swagger PR link / SDK link
Azure/azure-rest-api-specs#28891
Request Example
https://github.com/Azure/azure-rest-api-specs/blob/main/specification/compute/resource-manager/Microsoft.Compute/ComputeRP/stable/2024-03-01/examples/virtualMachineScaleSetExamples/VirtualMachineScaleSet_Create_WithSecurityPostureReference.json
Target Date
2024-09-30
PM Contact
hylee
Engineer Contact
dymartinez
Additional context
Until the next release for CRP is cut (anticipating ~09/05, then +2 weeks to roll out) the required bits for testing this feature are only accessible in East US 2 EUAP (Slice 5, subscription:
5393f919-a68a-43d0-9063-4b2bda6bffdf).Additionally, you can use the following as the
--security-posture-reference-id: "/communityGalleries/securityPostureBVTGallery/securityPostures/VMSSUniformWindows/versions/latest" for testing. For validating ExcludeExtensions using--security-posture-reference-exclude-extensions, you can use "SecurityPostureSecurityAgent" and it will be excluded from the VMSS.For additional questions, you may find insightful details in this Wiki page: https://dev.azure.com/msazure/AzureWiki/_wiki/wikis/AzureWiki.wiki/636324/Virtual-Machine-Scale-Sets-(VMSS) or feel free to ping me directly.