Json |
{
"properties": {
"displayName": "[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "This policy deploys the Log Analytics agent to Windows Azure Arc machines if the agent isn't installed.",
"metadata": {
"version": "1.1.0-preview",
"category": "Monitoring",
"preview": true
},
"parameters": {
"logAnalytics": {
"type": "String",
"metadata": {
"displayName": "[Preview]: Log Analytics workspace",
"description": "Specify the Log Analytics workspace the agent should be connected to. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
"strongType": "omsWorkspace",
"assignPermissions": true
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.HybridCompute/machines"
},
{
"field": "Microsoft.HybridCompute/imageOffer",
"like": "windows*"
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"type": "Microsoft.HybridCompute/machines/extensions",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
],
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.HybridCompute/machines/extensions/type",
"equals": "MicrosoftMonitoringAgent"
},
{
"field": "Microsoft.HybridCompute/machines/extensions/publisher",
"equals": "Microsoft.EnterpriseCloud.Monitoring"
},
{
"field": "Microsoft.HybridCompute/machines/extensions/provisioningState",
"equals": "Succeeded"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"logAnalytics": {
"type": "string"
}
},
"variables": {
"vmExtensionName": "MicrosoftMonitoringAgent",
"vmExtensionPublisher": "Microsoft.EnterpriseCloud.Monitoring",
"vmExtensionType": "MicrosoftMonitoringAgent"
},
"resources": [
{
"name": "[concat(parameters('vmName'), '/', variables('vmExtensionName'))]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2019-12-12",
"properties": {
"publisher": "[variables('vmExtensionPublisher')]",
"type": "[variables('vmExtensionType')]",
"settings": {
"workspaceId": "[reference(parameters('logAnalytics'), '2015-03-20').customerId]",
"stopOnMultipleConnections": "true"
},
"protectedSettings": {
"workspaceKey": "[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]"
}
}
}
],
"outputs": {
"policy": {
"type": "string",
"value": "[concat('Enabled extension for VM', ': ', parameters('vmName'))]"
}
}
},
"parameters": {
"vmName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
},
"logAnalytics": {
"value": "[parameters('logAnalytics')]"
}
}
}
}
}
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "69af7d4a-7b18-4044-93a9-2651498ef203"
}
|