last sync: 2025-May-21 17:57:15 UTC

Configure Windows VMSS to run AMA with cross subscription user-assigned managed identity-based authentication

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Deploy policy 6eef296d-6e58-5404-acb0-a102bd5f0ee6 (1.0.0) to Azure
Display name Configure Windows VMSS to run AMA with cross subscription user-assigned managed identity-based authentication
Id 6eef296d-6e58-5404-acb0-a102bd5f0ee6
Version 1.0.0
Category Monitoring
Description Adapted from built-in /providers/Microsoft.Authorization/policyDefinitions/98569e20-8f32-4f31-bf34-0e91590ae9d3 with minimal changes to support a cross subscription UAMI. This policy is meant to be assigned at Management Group Level, otherwise you must manually assign the permissions */read to the Policy Managed Identity on the cross subscription UAMI. Automate the deployment of Azure Monitor Agent extension on your Windows virtual machines for collecting telemetry data from the guest OS.
Mode Indexed
Type Custom Community
Effect Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Rule aliases IF (5)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/imageId Microsoft.Compute virtualMachines properties.storageProfile.imageReference.id True False
Microsoft.Compute/imageId Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.storageProfile.imageReference.id True False
Microsoft.Compute/imageId Microsoft.Compute disks properties.creationData.imageReference.id True False
Microsoft.Compute/imageOffer Microsoft.Compute virtualMachines properties.storageProfile.imageReference.offer True False
Microsoft.Compute/imageOffer Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.storageProfile.imageReference.offer True False
Microsoft.Compute/imageOffer Microsoft.Compute disks properties.creationData.imageReference.id True False
Microsoft.Compute/imagePublisher Microsoft.Compute virtualMachines properties.storageProfile.imageReference.publisher True False
Microsoft.Compute/imagePublisher Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.storageProfile.imageReference.publisher True False
Microsoft.Compute/imagePublisher Microsoft.Compute disks properties.creationData.imageReference.id True False
Microsoft.Compute/imageSku Microsoft.Compute virtualMachines properties.storageProfile.imageReference.sku True False
Microsoft.Compute/imageSku Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.storageProfile.imageReference.sku True False
Microsoft.Compute/imageSku Microsoft.Compute disks properties.creationData.imageReference.id True False
Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.osDisk.osType Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.storageProfile.osDisk.osType True False
THEN-ExistenceCondition (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState Microsoft.Compute virtualMachineScaleSets/extensions properties.provisioningState True False
Microsoft.Compute/virtualMachineScaleSets/extensions/publisher Microsoft.Compute virtualMachineScaleSets/extensions properties.publisher True False
Microsoft.Compute/virtualMachineScaleSets/extensions/type Microsoft.Compute virtualMachineScaleSets/extensions properties.type True False
Rule resource types IF (1)
Microsoft.Compute/virtualMachineScaleSets
THEN-Deployment (1)
Microsoft.Compute/virtualMachineScaleSets/extensions