last sync: 2021-Nov-26 17:15:00 UTC

Azure Policy Initiative

Enable Azure Monitor for Virtual Machine Scale Sets

NameEnable Azure Monitor for Virtual Machine Scale Sets
Azure Portal
Id75714362-cae7-409e-9b99-a8e5075b7fad
Version1.0.1
details on versioning
CategoryMonitoring
Microsoft docs
DescriptionEnable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.
TypeBuiltIn
DeprecatedFalse
PreviewFalse
History
Date/Time (UTC ymd) (i) Changes
2020-04-22 04:43:14 Name change: '[Preview]: Enable Azure Monitor for Virtual Machine Scale Sets' to 'Enable Azure Monitor for Virtual Machine Scale Sets'
2020-02-29 21:43:11 Description change: 'Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.' to 'Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.'
Name change: '[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)' to '[Preview]: Enable Azure Monitor for Virtual Machine Scale Sets'
Policy count Total Policies: 6
Builtin Policies: 6
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect State
Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Deploy - Configure Dependency agent to be enabled on Windows virtual machine scale sets 3be22e3b-d919-47aa-805e-8985dbeb0ad9 Monitoring Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
GA
Deploy - Configure Log Analytics extension to be enabled on Windows virtual machine scale sets 3c1b3629-c8f8-4bf6-862c-037cb9094038 Monitoring Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
GA
Deploy Dependency agent for Linux virtual machine scale sets 765266ab-e40e-4c61-bcb2-5a5275d0b7c0 Monitoring Fixed: deployIfNotExists GA
Deploy Log Analytics extension for Linux virtual machine scale sets 5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069 Monitoring Fixed: deployIfNotExists GA
Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images 5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
JSON
{
  "displayName": "Enable Azure Monitor for Virtual Machine Scale Sets",
  "policyType": "BuiltIn",
  "description": "Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.",
  "metadata": {
    "version": "1.0.1",
    "category": "Monitoring"
  },
  "parameters": {
    "logAnalytics_1": {
      "type": "String",
      "metadata": {
        "displayName": "Log Analytics workspace",
        "description": "Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
        "strongType": "omsWorkspace"
      }
    },
    "listOfImageIdToInclude_windows": {
      "type": "Array",
      "metadata": {
        "displayName": "Optional: List of VM images that have supported Windows OS to add to scope",
        "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
      },
      "defaultValue": []
    },
    "listOfImageIdToInclude_linux": {
      "type": "Array",
      "metadata": {
        "displayName": "Optional: List of VM images that have supported Linux OS to add to scope",
        "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
      },
      "defaultValue": []
    }
  },
  "policyDefinitions": [
    {
      "policyDefinitionReferenceId": "LogAnalyticsExtension_Windows_VMSS_Deploy",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038",
      "parameters": {
        "logAnalytics": {
          "value": "[parameters('logAnalytics_1')]"
        },
        "listOfImageIdToInclude": {
          "value": "[parameters('listOfImageIdToInclude_windows')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "LogAnalyticsExtension_Linux_VMSS_Deploy",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069",
      "parameters": {
        "logAnalytics": {
          "value": "[parameters('logAnalytics_1')]"
        },
        "listOfImageIdToInclude": {
          "value": "[parameters('listOfImageIdToInclude_linux')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "DependencyAgentExtension_Windows_VMSS_Deploy",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9",
      "parameters": {
        "listOfImageIdToInclude": {
          "value": "[parameters('listOfImageIdToInclude_windows')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "DependencyAgentExtension_Linux_VMSS_Deploy",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0",
      "parameters": {
        "listOfImageIdToInclude": {
          "value": "[parameters('listOfImageIdToInclude_linux')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "LogAnalytics_OSImage_VMSS_Audit",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138",
      "parameters": {
        "listOfImageIdToInclude_windows": {
          "value": "[parameters('listOfImageIdToInclude_windows')]"
        },
        "listOfImageIdToInclude_linux": {
          "value": "[parameters('listOfImageIdToInclude_linux')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "DependencyAgent_OSImage_VMSS_Audit",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10",
      "parameters": {
        "listOfImageIdToInclude_windows": {
          "value": "[parameters('listOfImageIdToInclude_windows')]"
        },
        "listOfImageIdToInclude_linux": {
          "value": "[parameters('listOfImageIdToInclude_linux')]"
        }
      }
    }
  ]
}