Configuration drift refers to changes made over time that cause a computer or service to deviate from a desired configuration. Configuration drift of a group of machines can be managed by defining configuration intent. Intent is defined by defining a configuration baseline comprised of a collection of related configuration rules. Configuration rules include settings, and targets which can be any managed entity that enables reporting of non-compliance at a more granular level. A configuration baseline can be completed by reading configuration rules from one or more well-configured computers. Configuration drift is assessed by comparing actual values to the configuration baseline values and is reported at a managed entity level instead of at a machine level. Remediation, returning the computer to a state of compliance with the configuration baseline, can be performed on demand. Remediations performed over time are retained and applied to a new instance of the service to eliminate configuration drift on the new instance.
展开▼
