Cloud GPO POC – Azure Policy + Machine Configuration Architecture
Azure Storage Account - cloudgpopoc


• Container: machineconfig-packages

• Blob: CloudGPO_LocalSecurity.zip

• Private access only

• Restricted to VM VNet + Trusted MS services

• No anonymous public access

Security Engineer Workstation (PowerShell 7)


Built locally using DSC v2 + GuestConfiguration tools

📄 CloudGPO_LocalSecurity.ps1

📄 CloudGPO_LocalSecurity.mof

📦 CloudGPO_LocalSecurity.zip

📄 CloudGPO_LocalSecurity_Audit.json

Azure Policy – Guest Configuration (Audit Mode)

• Policy Definition: CloudGPO_LocalSecurity_Audit

• Effect: auditIfNotExists

• name: CloudGPO_LocalSecurity

• contentUri: <blob URL>

• contentManagedIdentity: system

Azure VM – tstDataParser


• Windows Server 2022

• Machine Configuration Extension Enabled

• System-Assigned Managed Identity

• Reports compliance status

Azure Policy Compliance Dashboard


• Resource evaluated: tstDataParser

• Compliance result: Compliant / Non-compliant

• Drift Detection: Reports deviations from DSC baseline

• Guest Assignment Details Visible

Upload package
ContentUri reference for GC policy
Compliance status returned
