Proposed Pull Request Change

📄 Document Links

View on GitHub View on Microsoft Learn

--- title: Azure machine configuration agent release notes description: Details guest configuration agent release notes, issues, and frequently asked questions. ms.date: 02/01/2024 ms.topic: release-notes --- # Azure machine configuration agent release notes ## About the machine configuration agent The machine configuration agent receives improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about: - The latest releases - Known issues - Bug fixes For information on release notes for the connected machine agent, see [What's new with the connected machine agent][01]. ## Windows extension release notes (Microsoft.GuestConfiguration.ConfigurationforWindows) ### Version 1.29.98.0 - July 2025 #### New Features - Announcing the general availability of System Assigned Identities for Azure Machine Configuration as well as Arc Machines, enhancing security and simplifying at-scale server management by allowing private access to configuration packages in Azure Storage. For more information, see [System-Assigned Identity-based Access for Machine Configuration Packages][11]. #### Fixed - Resolved an issue where the compliance status did not update correctly until services were restarted. - Updated local PATH environment variable to resolve service install/delete errors. ### Version 1.29.92.0 - April 2025 #### New features - Today our extension uses a maximum of 5% CPU. For cases where this needs to be configured, a configuration file "cpu_config.json" can be written under the path, /var/opt/azcmagent/. This file should contain the following configuration: ```json { "PolicyAgentCpu": 5 } ``` In this case the maximum CPU utilization of the service will be 5%. This can be configured per the needs of the required scenario. #### Updated - Migrated to .NET 8 - Upgraded to PowerShell 7.4.7 ### Version 1.29.91.0 - March 2025 #### Updated - Updated OpenSSL from version 3.4.0 to 3.4.1. #### Fixed - Resolved an issue causing a deadlock during policy execution. ### Version 1.29.86.0 - January 2025 #### Updated - Updated OpenSSL from version 3.3.2 to 3.4.0. ### Version 1.29.85.0 - October 2024 #### Updated - Updated OpenSSL from version 3.3.1 to 3.3.2. #### Fixed - Added time-outs to address an issue that caused the agent to become unresponsive when trying to read a response from the service. If the agent takes more than 3 minutes to read a response or send a request to the service, it will now time out and continue execution. ### Version 1.29.82.0 - September 2024 #### New Features - Announcing the general availability of User Assigned Identities for Azure Machine Configuration, enhancing security and simplifying at-scale server management by allowing private access to configuration packages in Azure Storage. For more information, see [User-Assigned Identity-based Access for Machine Configuration Packages][10]. ## Extension for Linux extension release notes (Microsoft.GuestConfiguration.ConfigurationforLinux) ### Version 1.26.93.0 - July 2025 #### New Features - Announcing the general availability of System Assigned Identities for Azure Machine Configuration as well as Arc Machines, enhancing security and simplifying at-scale server management by allowing private access to configuration packages in Azure Storage. For more information, see [System-Assigned Identity-based Access for Machine Configuration Packages][11]. #### Fixed - Resolved an issue where the compliance status did not update correctly until services were restarted. - Updated Boost on Linux to resolve service start issues caused by compatibility problems. - Resolved "No public key" error by adding GPG package signature validation. - Resolved gpg installation issues on debian ### Version 1.26.87 - April 2025 #### New features - Today our extension uses a maximum of 5% CPU. For cases where this needs to be configured, a configuration file "cpu_config.json" can be written under the path, /var/opt/azcmagent/. This file should contain the following configuration: ```json { "PolicyAgentCpu": 5 } ``` In this case the maximum CPU utilization of the service will be 5%. This can be configured per the needs of the required scenario. #### Updated - Updated .NET from version 6 to 8 - Updated PowerShell from version 7.2.x to 7.4.7 ### Version 1.26.85 - March 2025 #### New Features - Added support for the Linux distribution Azure Linux 3! #### Updated - Updated OpenSSL from version 3.4.0 to 3.4.1. #### Fixed - Resolved an issue causing a deadlock during policy execution. ### Version 1.26.80 - January 2025 #### Updated - Updated OpenSSL from version 3.0.15 to 3.4.0. ### Version 1.26.79 - October 2024 ##### Fixed - Added time-outs to address an issue that caused the agent to become unresponsive when trying to read a response from the service. If the agent takes more than 3 minutes to read a response or send a request to the service, it will now time out and continue execution. ### Version 1.26.77 - September 2024 #### Updated - Updated OpenSSL from version 3.0.14 to 3.0.15. ### Version 1.26.76 - September 2024 #### New Features - Announcing the general availability of User Assigned Identities for Azure Machine Configuration, enhancing security and simplifying at-scale server management by allowing private access to configuration packages in Azure Storage. For more information, see [User-Assigned Identity-based Access for Machine Configuration Packages][10]. ### Version 1.26.48 - January 2023 #### New Features - Added support for Linux distributions such as Red Hat Enterprise Linux (RHEL) 9, Mariner 1 and 2, Alma 9, and Rocky 9. #### Fixed - Improved reliability for the guest configuration policy engine. ### Version 1.26.38 In this release, various improvements were made. - You can now restrict which URLs can be used to download machine configuration packages by setting the `allowedGuestConfigPkgUrls` tag on the server resource and providing a comma-separated list of URL patterns to allow. If the tag exists, the agent only allows custom packages to be downloaded from the specified URLs. Built-in packages are unaffected by this feature. #### Fixed - Resolves local elevation of privilege vulnerability [CVE-2022-38007][03]. - If you're currently running an older version of the AzurePolicyforLinux extension, use the PowerShell or Azure CLI commands in the following examples to update your extension to the latest version. ```azurepowershell-interactive $params = @{ Publisher = 'Microsoft.GuestConfiguration' Type = 'ConfigurationforLinux' Name = 'AzurePolicyforLinux' TypeHandlerVersion = '1.26.38' ResourceGroupName = '<resource-group>' Location = '<location>' VMName = '<vm-name>' EnableAutomaticUpgrade = $true } Set-AzVMExtension @params ``` ```azurecli az vm extension set \ --publisher Microsoft.GuestConfiguration \ --name ConfigurationforLinux \ --extension-instance-name AzurePolicyforLinux \ --resource-group <resource-group> \ --vm-name <vm-name> \ --version 1.26.38 \ --enable-auto-upgrade true ``` ## Next steps - Set up a custom machine configuration package [development environment][04]. - [Create a package artifact][05] for machine configuration. - [Test the package artifact][06] from your development environment. - Use the `GuestConfiguration` module to [create an Azure Policy definition][07] for at-scale management of your environment. - [Assign your custom policy definition][08] using Azure portal. - Learn how to view [compliance details for machine configuration][09] policy assignments. <!-- Reference link definitions --> [01]: /azure/azure-arc/servers/agent-release-notes [03]: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38007 [04]: ../how-to/develop-custom-package/1-set-up-authoring-environment.md [05]: ../how-to/develop-custom-package/2-create-package.md [06]: ../how-to/develop-custom-package/3-test-package.md [07]: ../how-to/create-policy-definition.md [08]: ../../policy/assign-policy-portal.md [09]: ../../policy/how-to/determine-non-compliance.md [10]: https://techcommunity.microsoft.com/blog/azuregovernanceandmanagementblog/user-assigned-identity-based-access-for-machine-configuration-packages-%E2%80%93-general/4305594 [11]: https://techcommunity.microsoft.com/blog/azuregovernanceandmanagementblog/system-assigned-identity-based-access-for-machine-configuration-packages-%E2%80%93-ga-on/4446603