Azure Landing Zones Documentation
Home GitHub Issue Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Azure Landing Zones Documentation
  2. /
  3. Accelerator
  4. /
  5. Starter Modules
  6. /
  7. Terraform - Azure Verified Modules for Platform Landing Zone (ALZ)
  8. /
  9. Options
  10. /
  11. 11 - Turn off Azure Monitoring Agent
Edit page

11 - Turn off Azure Monitoring Agent

The Azure Monitoring Agent (AMA) is enabled by default. If you want to turn it off, you can follow these steps to remove the policy assignments:

This option removes the policy assignments, but we are still deploying the identity and data collections rules associated with Azure Monitoring Agent. This is to make it easier to enable it in the future. If you really don’t want to deploy those resources, it is possible to remove them from the configuration by reviewing he documentation for the Management Resources Module.

  1. Locate the lib folder in your config directory. This folder was created in the initial steps of phase 2. The lib folder structure should look like this:

    📂lib
┣ 📜alz_library_metadata.json
┣ 📂architecture_definitions
┃ ┗ 📜alz_custom.alz_architecture_definition.yaml
┗ 📂archetype_overrides
  ┃ 📜connectivity_custom.alz_archetype_override.yaml
  ┃ 📜corp_custom.alz_archetype_override.yaml
  ┃ 📜decommissioned_custom.alz_archetype_override.yaml
  ┃ 📜identity_custom.alz_archetype_override.yaml
  ┃ 📜management_custom.alz_archetype_override.yaml
  ┃ 📜landing_zones_custom.alz_archetype_override.yaml
  ┃ 📜platform_custom.alz_archetype_override.yaml
  ┃ 📜root_custom.alz_archetype_override.yaml
  ┗ 📜sandboxes_custom.alz_archetype_override.yaml

  2. Open the landing_zones_custom.alz_archetype_override.yaml file and uncomment the AMA policy assignments in the policy_assignments_to_remove list.

    The file should look like this:

    base_archetype: landing_zones
name: landing_zones_custom
policy_assignments_to_add: []
policy_assignments_to_remove: [
# To remove AMA policies, uncomment the following lines:
  Deploy-MDFC-DefSQL-AMA,
  Deploy-VM-ChangeTrack,
  Deploy-VM-Monitoring,
  Deploy-vmArc-ChangeTrack,
  Deploy-vmHybr-Monitoring,
  Deploy-VMSS-ChangeTrack,
  Deploy-VMSS-Monitoring,
# To remove the DDOS modify policy, uncomment the following line:
  # Enable-DDoS-VNET,
]
policy_definitions_to_add: []
policy_definitions_to_remove: []
policy_set_definitions_to_add: []
policy_set_definitions_to_remove: []
role_definitions_to_add: []
role_definitions_to_remove: []

  3. Open the platform_custom.alz_archetype_override.yaml file and uncomment the AMA policy assignments in the policy_assignments_to_remove list.

    The file should look like this:

    base_archetype: platform
name: platform_custom
policy_assignments_to_add: []
policy_assignments_to_remove: [
# To disable AMA policies, uncomment the following lines:
  DenyAction-DeleteUAMIAMA,
  Deploy-MDFC-DefSQL-AMA,
  Deploy-VM-ChangeTrack,
  Deploy-VM-Monitoring,
  Deploy-vmArc-ChangeTrack,
  Deploy-vmHybr-Monitoring,
  Deploy-VMSS-ChangeTrack,
  Deploy-VMSS-Monitoring,
]
policy_definitions_to_add: []
policy_definitions_to_remove: []
policy_set_definitions_to_add: []
policy_set_definitions_to_remove: []
role_definitions_to_add: []
role_definitions_to_remove: []

  4. Make sure to save both files after making the changes.

gdoc_arrow_left_alt 10 - Remove a policy assignment 12 - Deploy Azure Monitoring Baseline Alerts (AMBA) gdoc_arrow_right_alt