Skip to content

Commit 716c9fc

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #313363 from MutemwaRMasheke/March2026-Remediation
Update remediation options documentation
2 parents 23d38f2 + 1ddb5fe commit 716c9fc

1 file changed

Lines changed: 13 additions & 0 deletions

File tree

articles/governance/machine-configuration/concepts/remediation-options.md

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,18 @@ ms.topic: how-to
88

99
Before you begin, it's a good idea to read the overview page for [machine configuration][01].
1010

11+
> [!NOTE]
12+
> Machine Configuration participates in Azure Policy's [Safe Deployment framework][15]. This means that newly assigned policies automatically apply to machines deployed or updated after the assignment. To extend coverage to existing machines, simply enable "Create a remediation task" on the Remediation tab when assigning through the Azure portal. This ensures all in-scope machines receive the configuration automatically, with no manual intervention needed. In ApplyAndAutoCorrect mode, the remediation task only needs to run once per existing noncompliant machine. After the initial deployment, the Machine Configuration agent continuously enforces and auto-corrects drift on its own.
13+
14+
> [!IMPORTANT]
15+
> If an Azure Policy assignment is created from the Azure portal, on the "Remediation" tab a checkbox
16+
> labeled "Create a remediation task" is available. When the box is checked, after the policy
17+
> assignment is created remediation tasks automatically correct any resources that evaluate to
18+
`NonCompliant`. The effect of this setting for machine configuration is that you can deploy a configuration across
19+
many machines by assigning a policy. You don't also have to run the remediation task manually for
20+
machines that aren't compliant.
21+
22+
1123
> [!IMPORTANT]
1224
> The machine configuration extension is required for Azure virtual machines. To deploy the
1325
> extension at scale across all machines, assign the following policy initiative:
@@ -163,3 +175,4 @@ report on compliance status and allow drift or to automatically correct.
163175
[12]: ../how-to/create-policy-definition.md
164176
[13]: ../../policy/assign-policy-portal.md
165177
[14]: ../../policy/how-to/determine-non-compliance.md
178+
[15]: ../../policy/how-to/policy-safe-deployment-practices.md

0 commit comments

Comments
 (0)