Azure Landing Zones Documentation
Home GitHub Issue Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

11 - Turn off Azure Monitoring Agent

The Azure Monitoring Agent (AMA) is enabled by default. If you want to turn it off, you can follow these steps:

  1. Remove the following settings by searching for the keys and removing the line or block

    Setting TypeParent block(s)KeyActionCountNotes
    linecustom_replacements > namesama_user_assigned_managed_identity_nameDelete1
    linecustom_replacements > namesdcr_change_tracking_nameDelete1
    linecustom_replacements > namesdcr_defender_sql_nameDelete1
    linecustom_replacements > namesdcr_vm_insights_nameDelete1
    linecustom_replacements > resource_identifiers
    management_group_settings > policy_default_values
    ama_change_tracking_data_collection_rule_idDelete2There are two instances of this key, delete both lines
    linecustom_replacements > resource_identifiers
    management_group_settings > policy_default_values
    ama_mdfc_sql_data_collection_rule_idDelete2There are two instances of this key, delete both lines
    linecustom_replacements > resource_identifiers
    management_group_settings > policy_default_values
    ama_vm_insights_data_collection_rule_idDelete2There are two instances of this key, delete both lines
    linecustom_replacements > resource_identifiers
    management_group_settings > policy_default_values
    ama_user_assigned_managed_identity_idDelete2There are two instances of this key, delete both lines
    blockmanagement_resource_settingsuser_assigned_managed_identitiesDelete1
    blockmanagement_resource_settingsdata_collection_rulesDelete1
  2. Locate the lib folder in your config directory. This folder was created in the initial steps of phase 2. The lib folder structure should look like this:

    📂lib
    ┣ 📜alz_library_metadata.json
    ┣ 📂architecture_definitions
    ┃ ┗ 📜alz_custom.alz_architecture_definition.yaml
    ┗ 📂archetype_overrides
      ┃ 📜connectivity_custom.alz_archetype_override.yaml
      ┃ 📜corp_custom.alz_archetype_override.yaml
      ┃ 📜decommissioned_custom.alz_archetype_override.yaml
      ┃ 📜identity_custom.alz_archetype_override.yaml
      ┃ 📜management_custom.alz_archetype_override.yaml
      ┃ 📜landing_zones_custom.alz_archetype_override.yaml
      ┃ 📜platform_custom.alz_archetype_override.yaml
      ┃ 📜root_custom.alz_archetype_override.yaml
      ┗ 📜sandboxes_custom.alz_archetype_override.yaml
    
  3. Open the landing_zones_custom.alz_archetype_override.yaml file and uncomment the AMA policy assignments in the policy_assignments_to_remove list.

    The file should look like this:

    base_archetype: landing_zones
    name: landing_zones_custom
    policy_assignments_to_add: []
    policy_assignments_to_remove: [
    # To remove AMA policies, uncomment the following lines:
      Deploy-MDFC-DefSQL-AMA,
      Deploy-VM-ChangeTrack,
      Deploy-VM-Monitoring,
      Deploy-vmArc-ChangeTrack,
      Deploy-vmHybr-Monitoring,
      Deploy-VMSS-ChangeTrack,
      Deploy-VMSS-Monitoring,
    # To remove the DDOS modify policy, uncomment the following line:
      # Enable-DDoS-VNET,
    ]
    policy_definitions_to_add: []
    policy_definitions_to_remove: []
    policy_set_definitions_to_add: []
    policy_set_definitions_to_remove: []
    role_definitions_to_add: []
    role_definitions_to_remove: []
    
  4. Open the platform_custom.alz_archetype_override.yaml file and uncomment the AMA policy assignments in the policy_assignments_to_remove list.

    The file should look like this:

    base_archetype: platform
    name: platform_custom
    policy_assignments_to_add: []
    policy_assignments_to_remove: [
    # To disable AMA policies, uncomment the following lines:
      DenyAction-DeleteUAMIAMA,
      Deploy-MDFC-DefSQL-AMA,
      Deploy-VM-ChangeTrack,
      Deploy-VM-Monitoring,
      Deploy-vmArc-ChangeTrack,
      Deploy-vmHybr-Monitoring,
      Deploy-VMSS-ChangeTrack,
      Deploy-VMSS-Monitoring,
    ]
    policy_definitions_to_add: []
    policy_definitions_to_remove: []
    policy_set_definitions_to_add: []
    policy_set_definitions_to_remove: []
    role_definitions_to_add: []
    role_definitions_to_remove: []
    
  5. Make sure to save both files after making the changes.