You are the architect for a software company that provides application servers to customers. The application servers are Azure virtual machines (VMs) running Windows Server 2012 R2 under your company’s Azure subscription. The VMs are administrated by customers, and each customer customizes the system to meet its specific needs. You identify the following requirements:
– The customer must not modify the LocalSystem service account on the VMs.
– The customer must run the Azure VM Agent.
– You must set the value of the PowerShell execution policy to Remote Signed for all customers.
When a critical security issue is discovered, the application servers must be updated with a security update as quickly as possible, without waiting for customer action. You need to design a strategy that allows for security issues to be updated as quickly as possible.
What should you do?
A. Convert the application so that it runs under a Hyper-V container, and run the security update script on the host system.
B. Build the security update script into a new base Windows Server 2012 R2 image and deploy the image by using a Virtual Machine Scale Set.
C. Use WinRM to run the security update script on each customer VM.
D. Create an AzureVMCustomScriptExtension to run the security update on each VM.