last sync: 2020-Dec-02 15:37:50 UTC

Azure Policy Initiative

Enable Azure Monitor for Virtual Machine Scale Sets

NameEnable Azure Monitor for Virtual Machine Scale Sets
Azure Portal
Id75714362-cae7-409e-9b99-a8e5075b7fad
Version1.0.1
details on versioning
CategoryMonitoring
Microsoft docs
DescriptionEnable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.
TypeBuiltIn
DeprecatedFalse
PreviewFalse
History
Date/Time (UTC ymd) (i) Changes
2020-04-22 04:43:14 Name change: '[Preview]: Enable Azure Monitor for Virtual Machine Scale Sets' to 'Enable Azure Monitor for Virtual Machine Scale Sets'
2020-02-29 21:43:11 Description change: 'Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.' to 'Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.'
Name change: '[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)' to '[Preview]: Enable Azure Monitor for Virtual Machine Scale Sets'
Policy count Total Policies: 6
Builtin Policies: 6
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect State
Audit Dependency agent deployment in virtual machine scale sets - VM Image (OS) unlisted e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Monitoring Fixed: auditIfNotExists GA
Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted 5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Monitoring Fixed: auditIfNotExists GA
Deploy Dependency agent for Linux virtual machine scale sets 765266ab-e40e-4c61-bcb2-5a5275d0b7c0 Monitoring Fixed: deployIfNotExists GA
Deploy Dependency agent for Windows virtual machine scale sets 3be22e3b-d919-47aa-805e-8985dbeb0ad9 Monitoring Fixed: deployIfNotExists GA
Deploy Log Analytics agent for Linux virtual machine scale sets 5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069 Monitoring Fixed: deployIfNotExists GA
Deploy Log Analytics agent for Windows virtual machine scale sets 3c1b3629-c8f8-4bf6-862c-037cb9094038 Monitoring Fixed: deployIfNotExists GA
Json
{
  "properties": {
    "displayName": "Enable Azure Monitor for Virtual Machine Scale Sets",
    "policyType": "BuiltIn",
    "description": "Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.",
    "metadata": {
      "version": "1.0.1",
      "category": "Monitoring"
    },
    "parameters": {
      "logAnalytics_1": {
        "type": "String",
        "metadata": {
          "displayName": "Log Analytics workspace",
          "description": "Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
          "strongType": "omsWorkspace"
        }
      },
      "listOfImageIdToInclude_windows": {
        "type": "Array",
        "metadata": {
          "displayName": "Optional: List of VM images that have supported Windows OS to add to scope",
          "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
        },
        "defaultValue": [
          
        ]
      },
      "listOfImageIdToInclude_linux": {
        "type": "Array",
        "metadata": {
          "displayName": "Optional: List of VM images that have supported Linux OS to add to scope",
          "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
        },
        "defaultValue": [
          
        ]
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "LogAnalyticsExtension_Windows_VMSS_Deploy",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038",
        "parameters": {
          "logAnalytics": {
          "value": "[parameters('logAnalytics_1')]"
          },
          "listOfImageIdToInclude": {
          "value": "[parameters('listOfImageIdToInclude_windows')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "LogAnalyticsExtension_Linux_VMSS_Deploy",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069",
        "parameters": {
          "logAnalytics": {
          "value": "[parameters('logAnalytics_1')]"
          },
          "listOfImageIdToInclude": {
          "value": "[parameters('listOfImageIdToInclude_linux')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "DependencyAgentExtension_Windows_VMSS_Deploy",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9",
        "parameters": {
          "listOfImageIdToInclude": {
          "value": "[parameters('listOfImageIdToInclude_windows')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "DependencyAgentExtension_Linux_VMSS_Deploy",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0",
        "parameters": {
          "listOfImageIdToInclude": {
          "value": "[parameters('listOfImageIdToInclude_linux')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "LogAnalytics_OSImage_VMSS_Audit",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138",
        "parameters": {
          "listOfImageIdToInclude_windows": {
          "value": "[parameters('listOfImageIdToInclude_windows')]"
          },
          "listOfImageIdToInclude_linux": {
          "value": "[parameters('listOfImageIdToInclude_linux')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "DependencyAgent_OSImage_VMSS_Audit",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10",
        "parameters": {
          "listOfImageIdToInclude_windows": {
          "value": "[parameters('listOfImageIdToInclude_windows')]"
          },
          "listOfImageIdToInclude_linux": {
          "value": "[parameters('listOfImageIdToInclude_linux')]"
          }
        }
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "75714362-cae7-409e-9b99-a8e5075b7fad"
}