Azure · fabmas · Sep 5, 2023 · Sep 5, 2023 · Sep 5, 2023 · Sep 5, 2023
@@ -8,6 +8,7 @@ spec:
  rule:
  - Azure.Resource.UseTags
  - Azure.KeyVault.Logs
+ - Azure.VM.AMA
  - Azure.Policy.ExemptionDescriptors
  - Azure.Policy.Descriptors
  - Azure.Policy.AssignmentDescriptors

@@ -99,6 +99,9 @@ module testDeployment '../../main.bicep' = {
  osType: 'Linux'
  vmSize: 'Standard_DS2_v2'
  configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
+ extensionMonitoringAgentConfig: {
+ enabled: true
+ }
  disablePasswordAuthentication: true
  publicKeys: [
  {

@@ -83,6 +83,9 @@ module testDeployment '../../main.bicep' = {
  vmSize: 'Standard_DS2_v2'
  adminPassword: password
  configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
+ extensionMonitoringAgentConfig: {
+ enabled: true
+ }
  tags: {
  'hidden-title': 'This is visible in the resource name'
  Environment: 'Non-Prod'

@@ -58,6 +58,9 @@ module testDeployment '../../main.bicep' = {
  name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
  params: {
  enableDefaultTelemetry: enableDefaultTelemetry
+ extensionMonitoringAgentConfig: {
+ enabled: true
+ }
  location: location
  name: '${namePrefix}${serviceShort}'
  adminUsername: 'VMAdministrator'

@@ -1599,6 +1599,9 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
  configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
  disablePasswordAuthentication: true
  enableDefaultTelemetry: '<enableDefaultTelemetry>'
+ extensionMonitoringAgentConfig: {
+ enabled: true
+ }
  location: '<location>'
  name: 'cvmlinatmg'
  publicKeys: [
@@ -1690,6 +1693,11 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
  "enableDefaultTelemetry": {
  "value": "<enableDefaultTelemetry>"
  },
+ "extensionMonitoringAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
  "location": {
  "value": "<location>"
  },
@@ -2443,6 +2451,9 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
  adminPassword: '<adminPassword>'
  configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
  enableDefaultTelemetry: '<enableDefaultTelemetry>'
+ extensionMonitoringAgentConfig: {
+ enabled: true
+ }
  location: '<location>'
  name: 'cvmwinatmg'
  tags: {
@@ -2515,6 +2526,11 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
  "enableDefaultTelemetry": {
  "value": "<enableDefaultTelemetry>"
  },
+ "extensionMonitoringAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
  "location": {
  "value": "<location>"
  },
@@ -2706,6 +2722,9 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
  }
  ]
  enableDefaultTelemetry: '<enableDefaultTelemetry>'
+ extensionMonitoringAgentConfig: {
+ enabled: true
+ }
  location: '<location>'
  name: 'cvmwincmk'
  tags: {
@@ -2791,6 +2810,11 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
  "enableDefaultTelemetry": {
  "value": "<enableDefaultTelemetry>"
  },
+ "extensionMonitoringAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
  "location": {
  "value": "<location>"
  },

@@ -567,19 +567,21 @@ resource vm_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021
  scope: az.resourceGroup(split(monitoringWorkspaceId, '/')[2], split(monitoringWorkspaceId, '/')[4])
 }
 
-module vm_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VM-MicrosoftMonitoringAgent'
+module vm_azureMonitorAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-AzureMonitorAgent'
  params: {
  virtualMachineName: vm.name
- name: 'MicrosoftMonitoringAgent'
- publisher: 'Microsoft.EnterpriseCloud.Monitoring'
- type: osType == 'Windows' ? 'MicrosoftMonitoringAgent' : 'OmsAgentForLinux'
+ name: 'AzureMonitorAgent'
+ publisher: 'Microsoft.Azure.Monitor'
+ type: osType == 'Windows' ? 'AzureMonitorWindowsAgent' : 'AzureMonitorLinuxAgent'
  typeHandlerVersion: contains(extensionMonitoringAgentConfig, 'typeHandlerVersion') ? extensionMonitoringAgentConfig.typeHandlerVersion : (osType == 'Windows' ? '1.0' : '1.7')
  autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true
  enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false
  settings: {
  workspaceId: !empty(monitoringWorkspaceId) ? vm_logAnalyticsWorkspace.properties.customerId : ''
+ GCS_AUTO_CONFIG: osType == 'Linux' ? true : null
  }
+
  tags: contains(extensionMonitoringAgentConfig, 'tags') ? extensionMonitoringAgentConfig.tags : {}
  protectedSettings: {
  workspaceKey: !empty(monitoringWorkspaceId) ? vm_logAnalyticsWorkspace.listKeys().primarySharedKey : ''
@@ -588,6 +590,7 @@ module vm_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensi
  }
 }
 
+
 module vm_dependencyAgentExtension 'extension/main.bicep' = if (extensionDependencyAgentConfig.enabled) {
  name: '${uniqueString(deployment().name, location)}-VM-DependencyAgent'
  params: {
@@ -674,7 +677,7 @@ module vm_azureDiskEncryptionExtension 'extension/main.bicep' = if (extensionAzu
  }
  dependsOn: [
  vm_customScriptExtension
- vm_microsoftMonitoringAgentExtension
+ vm_azureMonitorAgentExtension
  ]
 }
 
@@ -693,7 +696,7 @@ module vm_backup '../../recovery-services/vault/backup-fabric/protection-contain
  dependsOn: [
  vm_aadJoinExtension
  vm_domainJoinExtension
- vm_microsoftMonitoringAgentExtension
+ vm_azureMonitorAgentExtension
  vm_microsoftAntiMalwareExtension
  vm_networkWatcherAgentExtension
  vm_dependencyAgentExtension