Azure Automation account to enforce/report STIG compliance for Azure

[donwestleidos]

We have run through the steps for azure environments Execute the commands below to install the StigRepo Module, build your Stig Repository, and prepare an Azure Automation account to enforce/report STIG compliance for Azure Infrastructure. Cmdlet Description Install-Module StigRepo Installs the StigRepo module from the Powershell Gallery. Initialize-StigRepo Builds the STIG Compliance Automation Repository and installs dependencies on the local system New-AzSystemData Builds System Data for Azure VMs Publish-AzAutomationModules Uploads Modules to an Azure Automation Account

The next step listed is Export-AzDscConfigurations This step fails with a command not found. I have run through the steps 2 different times with same results

[donwestleidos]

Publishing Modules to Azure Automation Publishing VMware.VimAutomation.Sdk Version 12.5.0.19093564 Publishing VMware.VimAutomation.Common Version 12.5.0.19093563 Publishing AuditPolicyDsc Version 1.4.0.0 Publishing AuditSystemDsc Version 1.1.0 Publishing AccessControlDsc Version 1.4.2 Publishing ComputerManagementDsc Version 8.5.0 Publishing FileContentDsc Version 1.3.0.151 Publishing GPRegistryPolicyDsc Version 1.2.0 Publishing PSDscResources Version 2.12.0.0 Publishing SecurityPolicyDsc Version 2.10.0.0 Publishing SqlServerDsc Version 15.2.0 Publishing WindowsDefenderDsc Version 2.2.0 Publishing xDnsServer Version 2.0.0 Publishing xWebAdministration Version 3.2.0 Publishing CertificateDsc Version 5.1.0 Publishing nx Version 1.0 Publishing PowerSTIG Version 4.12.0 Publishing StigRepo Version 1.5 Publishing VMWare.Vim Version 7.0.3.19093568 Publishing VMware.VimAutomation.Common Version 12.5.0.19093563

    Azure Automation Module Sync complete.

PS C:\Windows\system32> Export-AzDscConfigurations Export-AzDscConfigurations : The term 'Export-AzDscConfigurations' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1

• Export-AzDscConfigurations

• 
  + CategoryInfo          : ObjectNotFound: (Export-AzDscConfigurations:String) [], CommandNotFoundException
  + FullyQualifiedErrorId : CommandNotFoundException

[donwestleidos]

I see that the modules are uploaded to the azure automation account. I am performing the steps using PS on AD domain joined windows server 2019 sitting in the same AD environment as the target azure servers. I considered the possibility that somehow the commands are getting "confused" between Active Directory environments and Azure environments. All servers are sitting in azure gov (US DOD East) region.

[donwestleidos]

Does the fact that we have active directory built on VM's sitting in azure and integrated with AAD change anything about the commands or steps required?