last sync: 2020-Sep-25 13:37:27 UTC

Azure Policy

[Preview]: Deploy Log Analytics agent to Linux Azure Arc machines

Policy DisplayName [Preview]: Deploy Log Analytics agent to Linux Azure Arc machines
Policy Id 9d2b61b4-1d14-4a63-be30-d4498e7ad2cf
Policy Category Monitoring
Policy Description This policy deploys the Log Analytics agent to Linux Azure Arc machines if the agent isn't installed.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview True
Policy Deprecated False
Policy Effect Fixed (hard-coded in the policy rule, not a parameter): deployIfNotExists
Roles used (listed in the policy rule's roleDefinitionIds)
Role Name Role Id
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Policy Changes
Date/Time (UTC ymd) Change Change detail
2020-05-29 15:39:09 add: Policy 9d2b61b4-1d14-4a63-be30-d4498e7ad2cf
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
Enable Azure Monitor for VMs 55f3eceb-5573-4f18-9695-226972c6d74a
Policy Rule
{
  "properties": {
  "displayName": "[Preview]: Deploy Log Analytics agent to Linux Azure Arc machines",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy deploys the Log Analytics agent to Linux Azure Arc machines if the agent isn't installed.",
    "metadata": {
      "version": "1.1.0-preview",
      "category": "Monitoring",
      "preview": true
    },
    "parameters": {
      "logAnalytics": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Log Analytics workspace",
          "description": "Specify the Log Analytics workspace the agent should be connected to. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
          "strongType": "omsWorkspace",
          "assignPermissions": true
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.HybridCompute/machines"
          },
          {
            "field": "Microsoft.HybridCompute/imageOffer",
            "like": "linux*"
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.HybridCompute/machines/extensions",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
          ],
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.HybridCompute/machines/extensions/type",
                "equals": "OmsAgentForLinux"
              },
              {
                "field": "Microsoft.HybridCompute/machines/extensions/publisher",
                "equals": "Microsoft.EnterpriseCloud.Monitoring"
              },
              {
                "field": "Microsoft.HybridCompute/machines/extensions/provisioningState",
                "equals": "Succeeded"
              }
            ]
          },
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "vmName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  },
                  "logAnalytics": {
                    "type": "string"
                  }
                },
                "variables": {
                  "vmExtensionName": "OMSAgentForLinux",
                  "vmExtensionPublisher": "Microsoft.EnterpriseCloud.Monitoring",
                  "vmExtensionType": "OmsAgentForLinux"
                },
                "resources": [
                  {
                  "name": "[concat(parameters('vmName'), '/', variables('vmExtensionName'))]",
                    "type": "Microsoft.HybridCompute/machines/extensions",
                  "location": "[parameters('location')]",
                    "apiVersion": "2019-12-12",
                    "properties": {
                    "publisher": "[variables('vmExtensionPublisher')]",
                    "type": "[variables('vmExtensionType')]",
                      "settings": {
                      "workspaceId": "[reference(parameters('logAnalytics'), '2015-03-20').customerId]",
                        "stopOnMultipleConnections": "true"
                      },
                      "protectedSettings": {
                      "workspaceKey": "[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]"
                      }
                    }
                  }
                ],
                "outputs": {
                  "policy": {
                    "type": "string",
                  "value": "[concat('Enabled extension for VM', ': ', parameters('vmName'))]"
                  }
                }
              },
              "parameters": {
                "vmName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                },
                "logAnalytics": {
                "value": "[parameters('logAnalytics')]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "9d2b61b4-1d14-4a63-be30-d4498e7ad2cf"
}