Merge pull request #306924 from MutemwaRMasheke/oct-docs

prmerger-automator[bot] · web-flow · commit 08efe90c73c7 · 2025-10-15T02:22:24.000Z
Oct docs
diff --git a/articles/governance/machine-configuration/concepts/assignments.md b/articles/governance/machine-configuration/concepts/assignments.md
@@ -34,6 +34,9 @@ resource type is `Microsoft.GuestConfiguration/guestConfigurationAssignments`. A
 the **complianceStatus** property of the guest assignment resource to report compliance status. For
 more information, see [getting compliance data][02].
 
+> [!NOTE]
+> When assigning a custom policy that deploys a guest configuration, the assignmentType property on the guest assignment resource may temporarily appear as "Null" before being updated to reflect the value specified in the policy definition. This is expected behavior and typically resolves within one hour.
+
 ### Deletion of guest assignments from Azure Policy
 
 When an Azure Policy assignment is deleted, if the policy created a machine configuration
diff --git a/articles/governance/machine-configuration/how-to/develop-custom-package/2-create-package.md b/articles/governance/machine-configuration/how-to/develop-custom-package/2-create-package.md
@@ -175,6 +175,17 @@ $params = @{
 }
 New-GuestConfigurationPackage @params
 ```
+```powershell
+# Create a package that will audit the configuration at 180 minute intervals
+$params = @{
+    Name          = 'MyConfig'
+    Configuration = './MyConfig/MyConfig.mof'
+    Type          = 'Audit'
+    Force         = $true
+    FrequencyMinutes = 180
+}
+New-GuestConfigurationPackage @params
+```
 
 An object is returned with the **Name** and **Path** of the created package.
 
diff --git a/articles/governance/machine-configuration/overview.md b/articles/governance/machine-configuration/overview.md
@@ -160,6 +160,13 @@ Machine configuration policy definitions support custom virtual machine images a
 one of the operating systems in the previous table. Machine Configuration does not support VMSS 
 uniform but does support [VMSS Flex][46].
 
+> [!IMPORTANT]
+> For any VM extension to function correctly in Azure, write permissions must be granted to the /var/lib directory. Without this permission, the Machine Configuration extension cannot be installed.
+> For Azure Arc-enabled servers, write access to specific directories is also required to enable logging and telemetry.
+> As a result, Azure Machine Configuration does not have official support for default CIS-hardened or SELinux configurations.
+> Additional configuration may be necessary for the extension to operate as expected.
+> Customers using hardened environments should evaluate compatibility and plan accordingly.
+
 ## Network requirements
 
 Azure virtual machines can use either their local virtual network adapter (vNIC) or Azure Private
