Azure AVD - Add VM to host pool - custom config URLs | Json file format

Question

I need to install sophos AV when new VM's are added to a host pool. I can't script sophos installs via AIB as the application needs dynamic data from the Sophos Cloud Management Console to generealise the image and this is a manual job.

As such I am planning to deploy Sophos when a VM is added to a host pool via "ARM Template File URL": However I have no idea how to script this .json file in order for this to work, I have googled quite a lot and this is the closer I got:

{
 "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
 "contentVersion": "1.0.0.0",
 "variables": {},
 "resources": [
     {
         "type": "Microsoft.Compute/virtualMachines/extensions",
         "apiVersion": "2018-06-01",
         "name": "[concat(parameters('vmName'),'/CustomScriptExtension')]",
         "location": "[resourceGroup().location]",
         "properties": {
             "publisher": "Microsoft.Compute",
             "type": "CustomScriptExtension",
             "typeHandlerVersion": "1.10",
             "autoUpgradeMinorVersion": true,
             "settings": {
                 "fileUris": [
                     "https://demostoracc.file.core.windows.net/scripts/sophos_install.ps1"
                 ],
                 "timestamp": 202101021
             },
             "protectedSettings": {
                 "commandToExecute": "powershell.exe -ExecutionPolicy Unrestricted -File sophos_install.ps1"
             }
         }
     }
 ]

}

But still not working.

I understand that the .json file should be stored on a blob and then the blob referenced on the AVD Post update custom configuration.

Answer 1

Try setting the Access Level of the Blob Container to Public. (The field doesn't seem to accept SAS Tokens unfortunately, by the way)