| JSON |
{
"properties": {
"displayName": "Configure Log Analytics agent on Azure Arc enabled Windows servers",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs.",
"metadata": {
"version": "1.2.0",
"category": "Monitoring"
},
"parameters": {
"logAnalytics": {
"type": "String",
"metadata": {
"displayName": "Log Analytics workspace",
"description": "Specify the Log Analytics workspace the agent should be connected to. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
"strongType": "omsWorkspace",
"assignPermissions": true
}
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.HybridCompute/machines"
},
{
"field": "Microsoft.HybridCompute/imageOffer",
"like": "windows*"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.HybridCompute/machines/extensions",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
],
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.HybridCompute/machines/extensions/type",
"equals": "MicrosoftMonitoringAgent"
},
{
"field": "Microsoft.HybridCompute/machines/extensions/publisher",
"equals": "Microsoft.EnterpriseCloud.Monitoring"
},
{
"field": "Microsoft.HybridCompute/machines/extensions/provisioningState",
"equals": "Succeeded"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"logAnalytics": {
"type": "string"
}
},
"variables": {
"vmExtensionName": "MicrosoftMonitoringAgent",
"vmExtensionPublisher": "Microsoft.EnterpriseCloud.Monitoring",
"vmExtensionType": "MicrosoftMonitoringAgent"
},
"resources": [
{
"name": "[concat(parameters('vmName'), '/', variables('vmExtensionName'))]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2019-12-12",
"properties": {
"publisher": "[variables('vmExtensionPublisher')]",
"type": "[variables('vmExtensionType')]",
"settings": {
"workspaceId": "[reference(parameters('logAnalytics'), '2015-03-20').customerId]",
"stopOnMultipleConnections": "true"
},
"protectedSettings": {
"workspaceKey": "[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]"
}
}
}
],
"outputs": {
"policy": {
"type": "string",
"value": "[concat('Enabled extension for VM', ': ', parameters('vmName'))]"
}
}
},
"parameters": {
"vmName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
},
"logAnalytics": {
"value": "[parameters('logAnalytics')]"
}
}
}
}
}
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "69af7d4a-7b18-4044-93a9-2651498ef203"
}
|