Using Azure Automation and PowerShell DSC

45 minutes
  • 4 Learning Objectives

About this Hands-on Lab

In this Hands-On-Lab, we have a scenario in which your organization has an ongoing problem with Virtual Machines getting unauthorized changes. This is impacting productivity because it is taking time to get them reconfigured the way they are supposed to be setup. The organization has already reduced the number of employees that have administrative access and is also in the process of setting up policies. These reductions limit what can be changed on the server, but the policy has a lengthy list of additions that will not be implemented fully for a few weeks. Management wants a quick solution in the meantime.


We will be utilizing DSC to ensure that the Virtual Machine contains the minimal components as defined in the organization’s corporate requirements. This is important because if you have standard configuration/software for Virtual Machines, it helps keep things uniform and makes it easier to troubleshoot in the event of a potential failure.

At the end of this hands-on lab, you will have the following learning outcomes:
– Have an understanding of what DSC is and how to set it up
– Be able to deploy DSC and become knowledgable of the main components of DSC

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Log in to the Azure Portal

Using, log in with the lab’s provided credentials.

Create Automation Account and add a Powershell file.

Reminder, do not try to create an Azure Run as account.

  1. Create a resource.
  2. Search for automation then click Create.
  3. For the Automation name enter webservers.
  4. Use the existing resource group and the existing subscription.
  5. For the Location, choose East US and click Create.
  6. Download the install.ps1 file from this link
  7. Within the portal navigate to the location it was downloaded to and save the following as iisinstall.ps1.
  8. Configure the iisinstall.ps1 as follows:
    node "localhost"<br>
    WindowsFeature IIS<br>
    Ensure ="Present"<br>
    Name = "Web-Server"<br>
  9. Go to DSC.
  10. Go to configuration and click Add.
  11. Click on the folder and navigate to the folder that has the iisinstall.ps1 file.
  12. Once uploaded, click on the file and choose the option to compile.
Add VM to DSC node
  1. Go to All Resources and click on the Automation Account.
  2. Click on DSC then on Nodes.
  3. Click Add.
  4. Select Virtual Machine to add to the node then click Connect.
  5. For the Node Configuration name select IISInstall.locahost.
  6. Leave the Refresh Frequency and Configuration Mode Frequency as the defaults.
  7. Select Applyandautocorrect for Configuration mode and click the checkbox for reboot node if needed.
  8. Click OK.
Test VM to make sure it remains compliant
  1. Create a new Virtual Machine (Windows Server 2019 Data Center):
    1. Click on Virtual Machines on the left-hand side in the navigation pane.
    2. Click Add.
    3. Click the drop-down box and select the existing resource group.
    4. Use VM-LAB2 as the Virtual Machine Name.
    5. Region:use East US
    6. Image: select Windows Server 2019 Datacenter
    7. Size: Change it to B2s or B2ms
    8. Admin username: cloud_user
    9. Admin password: Use the same password provided for the VM on the lab page.
    10. Click Review and create
    11. Click Create.
  2. Add VM to the DSC node:
    1. Go to the portal at (if you are not already logged in).
    2. Go to All resources–>web servers–>State Configuration (DSC)–>Nodes tab.
    3. Click Add.
    4. Click on Lab-VM2.
    5. Click Connect.
    6. For Node configuration name use iisinstall.localhost.
    7. For Refresh frequency, leave the value at the default: 30
    8. For Configuration mode frequency leave value at the default: 15
    9. For Configuration mode, choose ApplyandAutoCorrect.
    10. For the checkbox named "Reboot node if needed", make sure that this is checked.
    11. For action after reboot, make sure that ContinueConfiguration is selected.
    12. Click OK
  3. Confirm that after adding the machine, that IIS is installed:
    1. Log in to Lab-VM2 via Remote Desktop, go to All resources–>Lab-VM2–> you will see the IP address in the overview section.
    2. Use the IP address from the overview section to connect via RDP (Remote Desktop).
    3. When prompted for credentials, log in using the username/password you used when setting up Lab-VM2.
    4. Go to server manager when you log in, you should see IIS on the left underneath File and Storage Services<br>.

Additional Resources

In this hands-on lab, we will complete the following tasks:

  • Log in to the Azure Portal
  • Create an Automation Account
  • Add VM to DSC node
  • Test VM to make sure it stays in compliance

Note: Make sure that when you add the automation account that you do not try to create a Run as account. You do not have the necessary permissions.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?