Is the Azure VM DSC Extension a Prerequisite for DSC Certificate Auto-Renew

Can someone please help me with the following question

I read the following article, which said with Windows 2019 onwards, the DSC certificate (the one created when the node is on-boarded to Azure Automation DSC) used for secure comms with the Azure-hosted Pull Server, will be “Automatically Renwed”

Previously they were not automatically renewed and you had to re-onboard the node to create a new certificate.

My question is as follows

Does this new functionality only work with Azure VMs which have the ‘virtual machine DSC extension’ installed?

For example what about on-premise physical servers which have been onboard to Azure Automation DSC via feeding their local configuration manager e.g.

Get-AzureRmAutomationDscOnboardingMetaconfig @Params


Set-DscLocalConfigurationManager # on the local on-premise physical server

Basically, these on-premise physical servers have no VM extensions as they are not VMs and not hosted in the cloud

Therefore if the DSC automatic certificate renewal is achieved via the VM DSC Extension then logically it will not work for physical on-premise servers currently on-board to Azure Automation DSC

Can someone please clarify, answer the above questions