Add Azure Antimalware Extension to a VM Scale Set


If you're running a Windows Server 2016 base image, ignore this post because we've built Windows Defender in. However, if you're running Server 2012R2, for example, and wish to apply the Microsoft Antimalware Extension to an existing VM Scale Set, here is a PowerShell script to do it:

# Add the Microsoft Antimalware Extension to an Azure VMSS
# Assumes you have already authenticated your PowerShell session
# with Login-AzureRMAccount and selected the correct subscription
# with Select-AzureRMSubscription

$rgname = 'myResourceGroupName'
$vmssname = 'myVMSSName'
$location = 'westcentralus' # change to the Azure Region of your VMSS

# retrieve the most recent major version number of the extension
$allVersions= (Get-AzureRmVMExtensionImage -Location $location -PublisherName "Microsoft.Azure.Security" -Type "IaaSAntimalware").Version
$latestVersion=$allVersions[-1]
$majorVersion=$latestVersion.Substring(0,$latestVersion.IndexOf('.', 2))

$VMSS = Get-AzureRmVmss -ResourceGroupName $rgname -VMScaleSetName $vmssname
Add-AzureRmVmssExtension -VirtualMachineScaleSet $VMSS -Name "IaaSAntimalware" -Publisher "Microsoft.Azure.Security" -Type "IaaSAntimalware" -TypeHandlerVersion $majorVersion
Update-AzureRmVmss -ResourceGroupName $rgname -Name $vmssname -VirtualMachineScaleSet $VMSS

A customer asked me how to do this. I didn't know, so I asked around, put it together, tested it, and thought I'd share.

Special thanks to Guy Bowerman for help with the script and a quick review.

References
Azure VM Scale Sets
Windows Defender Built into Server 2016

Comments (0)

Skip to main content