AzInitiativeAdvertizer

last sync: 2025-Apr-29 17:15:47 UTC

[Deprecated]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display name[Deprecated]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines
Ida15f3269-2e10-458c-87a4-d5989e678a73
Version3.0.1-deprecated
Details on versioning
Versioning Versions supported for Versioning: 1
3.0.1 (3.0.1-deprecated)
Built-in Versioning [Preview]
CategoryMonitoring
Microsoft Learn
DescriptionThis policy initiative is deprecated as part of Microsoft Defender for Cloud updated strategy. As part of this strategy, Azure Monitor agent is no longer required to receive Defender for Servers security features, but is required for Defender for SQL Server on machines. For more information visit: https://aka.ms/MdcAgentStrategy. Configure machines to automatically install the Azure Monitor and Azure Security agents.
Cloud environmentsAzureCloud = true
AzureChinaCloud = unknown
AzureUSGovernment = unknown
Available in AzUSGovUnknown, no evidence if PolicySet definition is/not available in AzureUSGovernment
TypeBuiltIn
DeprecatedTrue
PreviewFalse
Policy-used summary
Policy types Policy states Policy categories
Total Policies: 7
Builtin Policies: 7
Static Policies: 0
Deprecated: 4
GA: 2
Preview: 1
2 categories:
Monitoring: 3
Security Center: 4
Policy-used
Policy DisplayName Policy Id Category Version Versioning Effect Roles# Roles State policy in AzUSGov
[Deprecated]: Configure Association to link virtual machines to default Microsoft Defender for Cloud Data Collection Rule a2ea54a3-9707-45e3-8230-bbda8309d17e Security Center 3.0.1 (3.0.1-deprecated) 1x
3.0.1		 Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor Deprecated unknown
[Deprecated]: Configure supported Linux virtual machines to automatically install the Azure Security agent 5f8eb305-9c9f-4abe-9bb0-df220d9faba2 Security Center 7.1.0 (7.1.0-deprecated) 2x
7.1.0, 7.0.0-preview		 Default
Disabled
Allowed
DeployIfNotExists, Disabled		 1 Virtual Machine Contributor Deprecated unknown
[Deprecated]: Configure supported Windows machines to automatically install the Azure Security agent 1537496a-b1e8-482b-a06a-1cc2415cdc7b Security Center 5.2.0 (5.2.0-deprecated) 2x
5.2.0, 5.1.0-preview		 Default
Disabled
Allowed
DeployIfNotExists, Disabled		 1 Virtual Machine Contributor Deprecated unknown
[Deprecated]: Configure virtual machines to create the default Microsoft Defender for Cloud pipeline using Azure Monitor Agent 8b5ad9ab-3d44-4a6e-9ac3-75b04ea5fd28 Security Center 5.2.1 (5.2.1-deprecated) 1x
5.2.1		 Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Contributor Deprecated unknown
[Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs 17b3de92-f710-4cf4-aa55-0e7859f1ed7b Monitoring 6.0.0-preview 1x
6.0.0-preview		 Default
Modify
Allowed
Modify, Disabled		 3 Managed Identity Contributor, Managed Identity Operator, Virtual Machine Contributor Preview unknown
Configure Linux virtual machines to run Azure Monitor Agent with system-assigned managed identity-based authentication a4034bc6-ae50-406d-bf76-50f4ee5a7811 Monitoring 3.7.0 5x
3.7.0, 3.6.0, 3.5.0, 3.4.0, 3.3.0		 Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Virtual Machine Contributor GA unknown
Configure Windows virtual machines to run Azure Monitor Agent using system-assigned managed identity ca817e41-e85a-4783-bc7f-dc532d36235e Monitoring 4.4.0 2x
4.4.0, 4.3.0		 Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Virtual Machine Contributor GA unknown
Roles used Total Roles usage: 10
Total Roles unique usage: 6
Role Role Id #Policies Policies
Monitoring Contributor 749f88d5-cbae-40b8-bcfc-e573ddc772fa 1 [Deprecated]: Configure Association to link virtual machines to default Microsoft Defender for Cloud Data Collection Rule
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293 1 [Deprecated]: Configure Association to link virtual machines to default Microsoft Defender for Cloud Data Collection Rule
Managed Identity Contributor e40ec5ca-96e0-45a2-b4ff-59039f2c2b59 1 [Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs
Managed Identity Operator f1a07417-d97a-45cb-824c-7a7467783830 1 [Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c 5 [Deprecated]: Configure supported Linux virtual machines to automatically install the Azure Security agent, [Deprecated]: Configure supported Windows machines to automatically install the Azure Security agent, [Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs, Configure Linux virtual machines to run Azure Monitor Agent with system-assigned managed identity-based authentication, Configure Windows virtual machines to run Azure Monitor Agent using system-assigned managed identity
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 1 [Deprecated]: Configure virtual machines to create the default Microsoft Defender for Cloud pipeline using Azure Monitor Agent
History
Date/Time (UTC ymd) (i) Changes
2023-11-14 18:15:13 Version change: '3.0.0-deprecated' to '3.0.1-deprecated'
2023-11-03 19:40:09 Name change: '[Preview]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines' to '[Deprecated]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines'
Version change: '3.0.0-preview' to '3.0.0-deprecated'
2023-10-27 18:02:04 Description change: 'Configure machines to automatically install the Azure Monitor and Azure Security agents. Security Center collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and Log Analytics workspace in the same region as the machine to store audit records. This policy only applies to VMs in a few regions.' to 'This policy initiative is deprecated as part of Microsoft Defender for Cloud updated strategy. As part of this strategy, Azure Monitor agent is no longer required to receive Defender for Servers security features, but is required for Defender for SQL Server on machines. For more information visit: https://aka.ms/MdcAgentStrategy. Configure machines to automatically install the Azure Monitor and Azure Security agents.'
2021-09-30 16:01:51 add Policy [Deprecated]: Configure Association to link virtual machines to default Microsoft Defender for Cloud Data Collection Rule (a2ea54a3-9707-45e3-8230-bbda8309d17e)
2021-07-14 14:58:38 Name change: '[Preview]: Deploy - Configure prerequisites to enable Azure Monitor and Azure Security agents on virtual machines' to '[Preview]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines'
2021-06-22 14:29:04 add Policy [Deprecated]: Configure virtual machines to create the default Microsoft Defender for Cloud pipeline using Azure Monitor Agent (8b5ad9ab-3d44-4a6e-9ac3-75b04ea5fd28)
2021-01-22 09:14:56 add Initiative a15f3269-2e10-458c-87a4-d5989e678a73
JSON compare
compare mode: version left: version right:
JSON
api-version=2023-04-01
EPAC