Add Microsoft Antimalware to Azure Service Fabric Clusters

Hello Azure security community!

Yuri Diogenes (CSI Enterprise Mobility + Security / Azure Security / OMS Security team) here. One question that keeps coming up about Azure Antimalware is: can I add antimalware to an Azure Service Fabric cluster? This question was recently asked in the Microsoft Antimalware for Azure Cloud Services and Virtual Machines article.

Azure Service Fabric uses Azure VM Scale Sets (VMSS) to create Service Fabric clusters. Presently, the VMSS template used for creating Service Fabric clusters does not include the Antimalware extension, so Antimalware needs to be enabled separately on the VMSS. Once it is enabled on the VMSS, all the nodes created under that VMSS inherit the extension automatically.

The sample script below shows how you can enable the IaaS Antimalware extension using the AzureRmVmss PowerShell cmdlets.
Important: before executing this script, you must uncomment the variables and provide appropriate values.

=================================================

# Script to add the Microsoft Antimalware extension to a VM Scale Set (VMSS) and a Service Fabric cluster (which in turn uses VMSS)
# Log in to your Azure Resource Manager account and select the subscription to use
Login-AzureRmAccount
# Specify your subscription ID
#$subscriptionId = "SUBSCRIPTION ID HERE"
Select-AzureRmSubscription -SubscriptionId $subscriptionId
# Specify location, resource group, and VM Scale Set for the extension
#$location = "LOCATION HERE" # e.g., "West US", "Southeast Asia" or "Central US"
#$resourceGroupName = "RESOURCE GROUP NAME HERE"
#$vmScaleSetName = "YOUR VM SCALE SET NAME"
# The Configuration.JSON configuration file can be customized as per the MSDN documentation: https://msdn.microsoft.com/en-us/library/dn771716.aspx
#$settingString = '{"AntimalwareEnabled": true}';
# Retrieve the most recent version number of the extension (major.minor only)
$allVersions = (Get-AzureRmVMExtensionImage -Location $location -PublisherName "Microsoft.Azure.Security" -Type "IaaSAntimalware").Version
$versionString = $allVersions[($allVersions.count)-1].Split(".")[0] + "." + $allVersions[($allVersions.count)-1].Split(".")[1]
# Add the extension to the scale set model, then push the updated model to Azure
$VMSS = Get-AzureRmVmss -ResourceGroupName $resourceGroupName -VMScaleSetName $vmScaleSetName
Add-AzureRmVmssExtension -VirtualMachineScaleSet $VMSS -Name "IaaSAntimalware" -Publisher "Microsoft.Azure.Security" -Type "IaaSAntimalware" -TypeHandlerVersion $versionString
Update-AzureRmVmss -ResourceGroupName $resourceGroupName -Name $vmScaleSetName -VirtualMachineScaleSet $VMSS

=================================================
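
To confirm that the extension is in the scale set model and that every node has picked it up, a check like the following can be run afterwards. This is an added example, not part of the original script; it assumes the same AzureRM session and reuses `$resourceGroupName` and `$vmScaleSetName` from above.

```powershell
# Added verification example (not part of the original script).
# Assumes Login-AzureRmAccount has been run and that $resourceGroupName and
# $vmScaleSetName hold the same values used when adding the extension.

$vmss = Get-AzureRmVmss -ResourceGroupName $resourceGroupName -VMScaleSetName $vmScaleSetName

# 1. Is the extension part of the scale set model?
$antimalware = $vmss.VirtualMachineProfile.ExtensionProfile.Extensions |
    Where-Object { $_.Publisher -eq "Microsoft.Azure.Security" -and $_.Type -eq "IaaSAntimalware" }

if (-not $antimalware) {
    Write-Warning "IaaSAntimalware is not in the model of scale set '$vmScaleSetName'."
    return
}
$antimalware | Select-Object Name, Publisher, Type, TypeHandlerVersion | Format-List

# 2. Which nodes are still running an older model?
#    With an upgrade policy of Manual, existing instances keep the old model
#    until they are upgraded explicitly (Update-AzureRmVmssInstance).
$upgradeMode = $vmss.UpgradePolicy.Mode
$stale = @(Get-AzureRmVmssVM -ResourceGroupName $resourceGroupName -VMScaleSetName $vmScaleSetName |
    Where-Object { -not $_.LatestModelApplied })

if ($stale.Count -eq 0) {
    Write-Output "All instances run the latest model (upgrade policy: $upgradeMode)."
} else {
    Write-Warning "$($stale.Count) instance(s) have not applied the latest model (upgrade policy: $upgradeMode):"
    $stale | Select-Object InstanceId, Name, LatestModelApplied | Format-Table -AutoSize
}
```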

Kudos to Rakesh Narayan and ASM Team for their contribution testing this solution.

Keep interacting with us and we will continue to follow up on your questions.

Stay safe!
Yuri Diogenes
@yuridiogenes