AzPolicyAdvertizer

last sync: 2025-Apr-28 19:51:35 UTC

Configure Linux virtual machines to run Azure Monitor Agent with user-assigned managed identity-based authentication

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Configure Linux virtual machines to run Azure Monitor Agent with user-assigned managed identity-based authentication

ae8a10e6-19d6-44a3-a02d-a2bdfc707742

Version

3.9.0
Details on versioning

Versioning

Versions supported for Versioning: 6
3.9.0
3.8.0
3.7.0
3.6.0
3.5.0
3.4.0
Built-in Versioning [Preview]

Category

Monitoring
Microsoft Learn

Description

Automate the deployment of Azure Monitor Agent extension on your Linux virtual machines for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview.

Cloud environments

AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown

Available in AzUSGov

The Policy is available in AzureUSGovernment cloud. Version: '3.*.*'

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC role(s)

Role Name	Role Id
Virtual Machine Contributor	9980e02c-c2be-4d73-94e8-173b1dc7cf3c

Rule aliases

IF (5)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Compute/imageId	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.id properties.virtualMachineProfile.storageProfile.imageReference.id properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imageSku	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	True	True

THEN-ExistenceCondition (3)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Compute/virtualMachines/extensions/provisioningState	Microsoft.Compute	virtualMachines/extensions	properties.provisioningState	True	False
Microsoft.Compute/virtualMachines/extensions/publisher	Microsoft.Compute	virtualMachines/extensions	properties.publisher	True	False
Microsoft.Compute/virtualMachines/extensions/type	Microsoft.Compute	virtualMachines/extensions	properties.type	True	False

Rule resource types

IF (1)

Microsoft.Compute/virtualMachines

THEN-Deployment (1)

Microsoft.Compute/virtualMachines/extensions

Compliance

Not a Compliance control

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
[Deprecated]: Configure machines to create the default Microsoft Defender for Cloud pipeline using Azure Monitor Agent	362ab02d-c362-417e-a525-45805d58e21d	Security Center	Deprecated	BuiltIn	unknown
[Deprecated]: Configure machines to create the user-defined Microsoft Defender for Cloud pipeline using Azure Monitor Agent	500ab3a2-f1bd-4a5a-8e47-3e09d9a294c3	Security Center	Deprecated	BuiltIn	unknown
[Deprecated]: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA)	9dffaf29-5905-4145-883c-957eb442c226	Monitoring	Deprecated	BuiltIn	unknown
Deploy Linux Azure Monitor Agent with user-assigned managed identity-based auth and associate with Data Collection Rule	babf8e94-780b-4b4d-abaa-4830136a8725	Monitoring	GA	BuiltIn	true
Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA)	924bfe3a-762f-40e7-86dd-5c8b95eb09e6	Monitoring	GA	BuiltIn	true

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2025-04-22 16:46:02	change	Minor (3.8.0 > 3.9.0)
2024-07-30 18:18:24	change	Minor (3.7.0 > 3.8.0)
2024-05-13 17:44:58	change	Minor (3.6.0 > 3.7.0)
2024-04-12 17:45:57	change	Minor (3.5.0 > 3.6.0)
2024-02-13 19:27:15	change	Minor (3.4.0 > 3.5.0)
2023-08-28 18:00:34	change	Minor (3.3.0 > 3.4.0)
2023-08-03 17:56:09	change	Minor (3.2.0 > 3.3.0)
2023-07-14 17:56:09	change	Minor (3.1.0 > 3.2.0)
2023-04-06 17:42:16	change	Minor (3.0.0 > 3.1.0)
2022-09-13 16:35:29	change	Major (2.1.0 > 3.0.0)
2022-08-12 16:33:43	change	Minor (2.0.0 > 2.1.0)
2022-05-06 16:29:23	change	Major (1.0.0 > 2.0.0)
2022-04-01 20:29:14	add	ae8a10e6-19d6-44a3-a02d-a2bdfc707742

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC