Azure Policy Guest Configuration – Part 1 – Creating a Custom Policy

I’ve been working quite a bit with custom Azure Policy Guest Configuration lately, and after encountering a few early bumps I’ve become a big fan. Guest Configuration policies are quite flexible, which in essence gives you the ability to bring almost anything you can do in PowerShell and/or DSC into Azure Policy. Very cool!

The first two use cases I’ve worked on were as follows:

  1. Audit base OS hardening compliance for Windows VMs in Azure.
  2. Audit antimalware compliance for Windows VMs in Azure.

Creating the Guest Configuration Package

For part 1 of this post, let’s focus on use case #1. To accomplish this use case, you’ll use the Microsoft Security Configuration Baseline as the base DSC template by converting the GPO provided in the “BaselineManagement” module to PowerShell DSC. This step is described in detail in Microsoft’s “Convert Group Policy into DSC” quickstart documentation.

“fatal: Authentication Failed” Error When Running Git Push From VSCode To GitHub with 2FA Enabled

While working on some custom guest policy in VSCode today (posts coming on that soon!) I came across an issue that I hadn’t encountered previously. While attempting to push my code to my GitHub repository, I encountered a “fatal: Authentication failed for <repo URL>” error. Of course I tried to retype my username and password multiple times, and even reset my password on GitHub, but to no avail. After a bit of research, I came across an article that saved me quite a bit of time in troubleshooting. In short, I had recently enabled 2FA on my GitHub account, which was causing my authentication via username and password to fail (which makes sense). The workaround for this issue is actually quite simple, and involves creating an access token in your GitHub settings and using that token as your password when prompted during a push from VSCode.

In the name of not reinventing the wheel and taking credit for others’ work, this article outlines the process step by step.

Hopefully this saves others some troubleshooting time, and remember to store your token somewhere secure!