last sync: 2021-Jan-18 16:05:48 UTC

Azure Policy definition

[Preview]: Deploy Log Analytics agent to Linux Azure Arc machines

Name [Preview]: Deploy Log Analytics agent to Linux Azure Arc machines
Azure Portal
Id 9d2b61b4-1d14-4a63-be30-d4498e7ad2cf
Version 1.1.0-preview
details on versioning
Category Monitoring
Microsoft docs
Description This policy deploys the Log Analytics agent to Linux Azure Arc machines if the agent isn't installed.
Mode Indexed
Type BuiltIn
Preview True
Deprecated FALSE
Effect Fixed: deployIfNotExists
Used RBAC Role
Role Name Role Id
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-05-29 15:39:09 add 9d2b61b4-1d14-4a63-be30-d4498e7ad2cf
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
Enable Azure Monitor for VMs 55f3eceb-5573-4f18-9695-226972c6d74a Monitoring GA
Json
{
  "properties": {
  "displayName": "[Preview]: Deploy Log Analytics agent to Linux Azure Arc machines",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy deploys the Log Analytics agent to Linux Azure Arc machines if the agent isn't installed.",
    "metadata": {
      "version": "1.1.0-preview",
      "category": "Monitoring",
      "preview": true
    },
    "parameters": {
      "logAnalytics": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Log Analytics workspace",
          "description": "Specify the Log Analytics workspace the agent should be connected to. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
          "strongType": "omsWorkspace",
          "assignPermissions": true
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.HybridCompute/machines"
          },
          {
            "field": "Microsoft.HybridCompute/imageOffer",
            "like": "linux*"
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.HybridCompute/machines/extensions",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
          ],
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.HybridCompute/machines/extensions/type",
                "equals": "OmsAgentForLinux"
              },
              {
                "field": "Microsoft.HybridCompute/machines/extensions/publisher",
                "equals": "Microsoft.EnterpriseCloud.Monitoring"
              },
              {
                "field": "Microsoft.HybridCompute/machines/extensions/provisioningState",
                "equals": "Succeeded"
              }
            ]
          },
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "vmName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  },
                  "logAnalytics": {
                    "type": "string"
                  }
                },
                "variables": {
                  "vmExtensionName": "OMSAgentForLinux",
                  "vmExtensionPublisher": "Microsoft.EnterpriseCloud.Monitoring",
                  "vmExtensionType": "OmsAgentForLinux"
                },
                "resources": [
                  {
                  "name": "[concat(parameters('vmName'), '/', variables('vmExtensionName'))]",
                    "type": "Microsoft.HybridCompute/machines/extensions",
                  "location": "[parameters('location')]",
                    "apiVersion": "2019-12-12",
                    "properties": {
                    "publisher": "[variables('vmExtensionPublisher')]",
                    "type": "[variables('vmExtensionType')]",
                      "settings": {
                      "workspaceId": "[reference(parameters('logAnalytics'), '2015-03-20').customerId]",
                        "stopOnMultipleConnections": "true"
                      },
                      "protectedSettings": {
                      "workspaceKey": "[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]"
                      }
                    }
                  }
                ],
                "outputs": {
                  "policy": {
                    "type": "string",
                  "value": "[concat('Enabled extension for VM', ': ', parameters('vmName'))]"
                  }
                }
              },
              "parameters": {
                "vmName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                },
                "logAnalytics": {
                "value": "[parameters('logAnalytics')]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "9d2b61b4-1d14-4a63-be30-d4498e7ad2cf"
}