AzPolicyAdvertizer

last sync: 2020-Sep-25 13:37:27 UTC

Azure Policy

[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines

Policy DisplayName [Preview]: Deploy Log Analytics agent to Windows Azure Arc machines
Policy Id 69af7d4a-7b18-4044-93a9-2651498ef203
Policy Category Monitoring
Policy Description This policy deploys the Log Analytics agent to Windows Azure Arc machines if the agent isn't installed.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview True
Policy Deprecated FALSE
Policy Effect Fixed: deployIfNotExists
Roles used
Role Name Role Id
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-05-29 15:39:09 change: DisplayName previous DisplayName: [Preview]: Deploy Log Analytics agent to hybrid Windows VMs managed in Azure Arc
2020-05-21 16:06:38 add: Policy 69af7d4a-7b18-4044-93a9-2651498ef203
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
Enable Azure Monitor for VMs 55f3eceb-5573-4f18-9695-226972c6d74a
Policy Rule 
{
  "properties": {
  "displayName": "[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy deploys the Log Analytics agent to Windows Azure Arc machines if the agent isn't installed.",
    "metadata": {
      "version": "1.1.0-preview",
      "category": "Monitoring",
      "preview": true
    },
    "parameters": {
      "logAnalytics": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Log Analytics workspace",
          "description": "Specify the Log Analytics workspace the agent should be connected to. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
          "strongType": "omsWorkspace",
          "assignPermissions": true
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.HybridCompute/machines"
          },
          {
            "field": "Microsoft.HybridCompute/imageOffer",
            "like": "windows*"
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.HybridCompute/machines/extensions",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
          ],
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.HybridCompute/machines/extensions/type",
                "equals": "MicrosoftMonitoringAgent"
              },
              {
                "field": "Microsoft.HybridCompute/machines/extensions/publisher",
                "equals": "Microsoft.EnterpriseCloud.Monitoring"
              },
              {
                "field": "Microsoft.HybridCompute/machines/extensions/provisioningState",
                "equals": "Succeeded"
              }
            ]
          },
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "vmName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  },
                  "logAnalytics": {
                    "type": "string"
                  }
                },
                "variables": {
                  "vmExtensionName": "MicrosoftMonitoringAgent",
                  "vmExtensionPublisher": "Microsoft.EnterpriseCloud.Monitoring",
                  "vmExtensionType": "MicrosoftMonitoringAgent"
                },
                "resources": [
                  {
                  "name": "[concat(parameters('vmName'), '/', variables('vmExtensionName'))]",
                    "type": "Microsoft.HybridCompute/machines/extensions",
                  "location": "[parameters('location')]",
                    "apiVersion": "2019-12-12",
                    "properties": {
                    "publisher": "[variables('vmExtensionPublisher')]",
                    "type": "[variables('vmExtensionType')]",
                      "settings": {
                      "workspaceId": "[reference(parameters('logAnalytics'), '2015-03-20').customerId]",
                        "stopOnMultipleConnections": "true"
                      },
                      "protectedSettings": {
                      "workspaceKey": "[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]"
                      }
                    }
                  }
                ],
                "outputs": {
                  "policy": {
                    "type": "string",
                  "value": "[concat('Enabled extension for VM', ': ', parameters('vmName'))]"
                  }
                }
              },
              "parameters": {
                "vmName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                },
                "logAnalytics": {
                "value": "[parameters('logAnalytics')]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "69af7d4a-7b18-4044-93a9-2651498ef203"
}