Edit

Share via

Deploy and configure Azure Monitor Agent using Azure Policy

This article covers how to deploy and configure the Azure Monitor Agent (AMA) to Arc-enabled servers through Azure Policy using a custom policy definition. Using Azure Policy ensures that Azure Monitor is running on your selected Arc-enabled servers and that the AMA is automatically installed on newly added Arc resources.

Deploying the Azure Monitor Agent through a custom Policy definition involves two main steps:

  • Selecting an existing or creating a new Data Collection Rule (DCR)
  • Creating and deploying the policy definition

In order for Azure Monitor to work on a machine, it needs to be associated with a Data Collection Rule (DCR). You include the resource ID of the DCR when you create your policy definition.

Select a Data Collection Rule

Data Collection Rules define the data collection process in Azure Monitor. They specify what data should be collected and where that data should be sent. You'll need to select or create a DCR to be associated with your Policy definition.

  1. From your browser, go to the Azure portal.

  2. Navigate to the Monitor | Overview page. Under Settings, select Data Collection Rules to show the list of existing DCRs.

  3. Select the DCR that you want to use.

  4. Select Overview, then select JSON View to view the JSON code for the DCR:

    Screenshot of the Overview window for a data collection rule highlighting the JSON view button.

  5. Locate the Resource ID field at the top of the Resource JSON pane, then select the button to copy the resource ID. You'll need to use this resource ID when creating your policy definition.

Create and deploy the Policy definition

In order for Azure Policy to check if the Azure Monitor Agent is installed on your Arc-enabled servers, you need to create a custom policy definition that does the following:

  • Evaluates if new VMs have the agent installed and are associated with the DCR.

  • Enforces a remediation task to install the Azure Monitor Agent and create the association with the DCR on any VMs that aren't compliant with the policy.

  1. Select one of the following policy definition templates, depending on the operating system of the machine:

    These templates are used to create a policy to configure machines to run Azure Monitor Agent and associate those machines to a DCR.

  2. Select Assign initiative to begin creating the policy definition. Enter the applicable information for each tab. For more information about these options, see Create a policy assignment .

  3. On the Parameters tab, paste the Data Collection Rule Resource ID that you copied during the previous procedure:

    Screenshot of the Parameters tab highlighting the Data Collection Rule Resource ID field.

  4. Select Review + create to complete policy creation and deploy it to the applicable machines. Once Azure Monitor Agent is deployed, your Azure Arc-enabled servers can apply its services and use it for log collection.

Additional resources