last sync: 2021-Jan-18 16:05:48 UTC

Azure Policy definition

[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines

Name [Preview]: Deploy Log Analytics agent to Windows Azure Arc machines
Azure Portal
Id 69af7d4a-7b18-4044-93a9-2651498ef203
Version 1.1.0-preview
details on versioning
Category Monitoring
Microsoft docs
Description This policy deploys the Log Analytics agent to Windows Azure Arc machines if the agent isn't installed.
Mode Indexed
Type BuiltIn
Preview True
Deprecated FALSE
Effect Fixed: deployIfNotExists
Used RBAC Role
Role Name Role Id
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-05-29 15:39:09 change Previous DisplayName: [Preview]: Deploy Log Analytics agent to hybrid Windows VMs managed in Azure Arc
2020-05-21 16:06:38 add 69af7d4a-7b18-4044-93a9-2651498ef203
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
Enable Azure Monitor for VMs 55f3eceb-5573-4f18-9695-226972c6d74a Monitoring GA
Json
{
  "properties": {
  "displayName": "[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy deploys the Log Analytics agent to Windows Azure Arc machines if the agent isn't installed.",
    "metadata": {
      "version": "1.1.0-preview",
      "category": "Monitoring",
      "preview": true
    },
    "parameters": {
      "logAnalytics": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Log Analytics workspace",
          "description": "Specify the Log Analytics workspace the agent should be connected to. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
          "strongType": "omsWorkspace",
          "assignPermissions": true
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.HybridCompute/machines"
          },
          {
            "field": "Microsoft.HybridCompute/imageOffer",
            "like": "windows*"
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.HybridCompute/machines/extensions",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
          ],
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.HybridCompute/machines/extensions/type",
                "equals": "MicrosoftMonitoringAgent"
              },
              {
                "field": "Microsoft.HybridCompute/machines/extensions/publisher",
                "equals": "Microsoft.EnterpriseCloud.Monitoring"
              },
              {
                "field": "Microsoft.HybridCompute/machines/extensions/provisioningState",
                "equals": "Succeeded"
              }
            ]
          },
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "vmName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  },
                  "logAnalytics": {
                    "type": "string"
                  }
                },
                "variables": {
                  "vmExtensionName": "MicrosoftMonitoringAgent",
                  "vmExtensionPublisher": "Microsoft.EnterpriseCloud.Monitoring",
                  "vmExtensionType": "MicrosoftMonitoringAgent"
                },
                "resources": [
                  {
                  "name": "[concat(parameters('vmName'), '/', variables('vmExtensionName'))]",
                    "type": "Microsoft.HybridCompute/machines/extensions",
                  "location": "[parameters('location')]",
                    "apiVersion": "2019-12-12",
                    "properties": {
                    "publisher": "[variables('vmExtensionPublisher')]",
                    "type": "[variables('vmExtensionType')]",
                      "settings": {
                      "workspaceId": "[reference(parameters('logAnalytics'), '2015-03-20').customerId]",
                        "stopOnMultipleConnections": "true"
                      },
                      "protectedSettings": {
                      "workspaceKey": "[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]"
                      }
                    }
                  }
                ],
                "outputs": {
                  "policy": {
                    "type": "string",
                  "value": "[concat('Enabled extension for VM', ': ', parameters('vmName'))]"
                  }
                }
              },
              "parameters": {
                "vmName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                },
                "logAnalytics": {
                "value": "[parameters('logAnalytics')]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "69af7d4a-7b18-4044-93a9-2651498ef203"
}