Install the Windows Agent on Azure VMs Using a PowerShell Script

This topics walks you through the steps for installing the Lacework Windows agent on Windows VMs in an Azure resource group using the Azure-Deploy-LW-Win.ps1 PowerShell script. The script downloads the Windows agent MSI package and installs the agent on all Windows VMs in an Azure resource group.

Prerequisites

1. Download the Lacework Powershell Script (powershell.zip file) using the instructions in Download Windows Agent Installer.
2. Unzip the powershell.zip file. The signed-scripts folder that is created contains the Azure-Deploy-LW-Win.ps1 file and the Install-LWDataCollector.ps1 file.

Install on Windows VMs in an Azure Resource Group Using the PowerShell Script

The Azure-Deploy-LW-Win.ps1 PowerShell script installs the Lacework Windows agent to all Windows VMs it located in an Azure resource group. It uses the Install-LWDataCollector.ps1 PowerShell script during the installation process.

1. The script requires an Azure Key Vault secret that contains your Lacework agent access token. Hence, do the following:

   1. In your Azure Key Vault, create a secret for the Lacework agent access token. For more information, see Agent Access Token.
   2. Note down the name of the vault and the secret.

2. Open a PowerShell terminal as an administrator.

3. Navigate to the directory that contains the Azure-Deploy-LW-Win.ps1 script on your host.

4. Run the script using the following command in the PowerShell command line:

   C:\Users\Administrator> .\Azure-Deploy-LW-Win.ps1 -EnableExtensions -Defender

   • If extension operations are disabled on an Azure VM, use the -EnableExtensions option to enable extension operations on the VM and install the Windows agent. If you do not specify this option, the Windows agent is not installed on the VMs on which you have disabled extension operations.
   • Use the -Defender option to exclude the Windows agent from scanning with Windows Defender on the VMs. Note that the Windows agent will be excluded from scanning only on the VMs on which the Defender PowerShell module is installed.

5. Specify the values for the parameters required by the script. Press Enter after you specify the value for each parameter.

   Parameter	Description
   ResourceGroups	The Azure resource group in which you want to install the Windows agent. The agent will be installed on all the Windows VMs in the specified resource group. To specify more than one resource group, enter the name of a resource group and then press Enter.
   InstallScript	The path or URL for the Install-LWDataCollector.ps1 PowerShell script. To obtain the URL, do the following: Go to the Lacework Windows Agent Releases page. This page lists the Windows agent releases you can install. Go to the release you want to install. Copy the URL for the Install-LWDataCollector.ps1 Script.
   Vault	The name of the Azure Key Vault that contains the secret for the Lacework agent access token.
   TokenSecret	The name of a secret in the Azure Key Vault for the Lacework agent access token.
   MSIURL	The URL for downloading the Windows agent MSI package. To obtain the URL, do the following: Go to the Lacework Windows Agent Releases page. This page lists the Windows agent releases you can install. Go to the release you want to install. Copy the URL for Lacework Windows Agent MSI Package.