What is Azure Automation DSC?

Inside the configuration block, node configurations are defined.  These configurations specify the desired configuration for a set of nodes (or computers) in your environment that should be configured the same. In effect, a node configuration represents a "role" for one or more nodes to assume. A node configuration block starts with the “node” keyword. The name of the role being defined follows the node keyword.  Braces are then used to delimit the node configuration block.

Resource blocks are defined within the node configuration block to configure specific DSC resources such as IIS, File Services, etc.  A resource block starts with the name of the resource, followed by the identifier you want to specify for that block.  Braces are used to delimit the block in the same manner they are used to delimit the node configuration block.

Compiling a DSC configuration generates a DSC node configuration, which is also known as a MOF document.  DSC nodes then apply the DSC configuration to maintain a desired state.

As an aside, keep in mind that a configuration can only include ONE configuration block.

Node Configuration

Node configurations are generated when a DSC Configuration is compiled.  As mentioned previously, a node configuration is the same as a "MOF document".  Node configuration typically represents a "role," or “feature”, such as webserver, that DSC should check for compliance against.

DSC nodes are notified of node configurations that pertain to them via either DSC push, or pull methods. Azure Automation DSC relies on the DSC pull method.  What this means is that DSC nodes actively request node configurations from the Azure Automation DSC pull server.  A distinct advantage of using the DSC pull method is that the DSC nodes can live behind a firewall with all inbound ports closed.  All that is needed is outbound access to the internet.  There are no firewall issues to deal with.

DSC Node

A DSC node is Windows or Linux machine with a configuration that is managed by DSC. DSC nodes can be on-premises VMs, on-premises physical machines, or machines in a public cloud. Nodes pull down node configurations from the DSC pull server in order maintain compliance with the desired state configuration defined.  DSC nodes also report the status of their configuration and compliance to a reporting server.


DSC resources are the keys to defining a Windows PowerShell Desired State Configuration (DSC) configuration. Built-in resources include files and folders, server features and roles, registry settings, environment variables, and services and processes.

Click here to join the Understanding Azure Facebook group or here for the latest Azure practice questions, answers, explanations, and reference materials.

Thomas Mitchell

Tom is a 20+ year veteran of the IT industry and carries numerous Microsoft certifications, including the MCSE: Cloud Platform and Infrastructure certification. A Subject Matter Expert in Active Directory and Microsoft Exchange, Tom also possesses expert-level knowledge in several other IT disciplines, including Azure, Storage, and O365/Exchange Online. You can find Tom at his website, on LinkedIn, or on Facebook. Need to reach him by phone? Call 484-334-2790.