11 - Turn off Azure Monitoring Agent

The Azure Monitoring Agent (AMA) is enabled by default. If you want to turn it off, you can follow these steps:

Remove the following settings by searching for the keys and removing the line or block

Setting Type	Parent block(s)	Key	Action	Count	Notes
line	`custom_replacements` > `names`	`ama_user_assigned_managed_identity_name`	Delete	1
line	`custom_replacements` > `names`	`dcr_change_tracking_name`	Delete	1
line	`custom_replacements` > `names`	`dcr_defender_sql_name`	Delete	1
line	`custom_replacements` > `names`	`dcr_vm_insights_name`	Delete	1
line	`custom_replacements` > `resource_identifiers` `management_group_settings` > `policy_default_values`	`ama_change_tracking_data_collection_rule_id`	Delete	2	There are two instances of this key, delete both lines
line	`custom_replacements` > `resource_identifiers` `management_group_settings` > `policy_default_values`	`ama_mdfc_sql_data_collection_rule_id`	Delete	2	There are two instances of this key, delete both lines
line	`custom_replacements` > `resource_identifiers` `management_group_settings` > `policy_default_values`	`ama_vm_insights_data_collection_rule_id`	Delete	2	There are two instances of this key, delete both lines
line	`custom_replacements` > `resource_identifiers` `management_group_settings` > `policy_default_values`	`ama_user_assigned_managed_identity_id`	Delete	2	There are two instances of this key, delete both lines
block	`management_resource_settings`	`user_assigned_managed_identities`	Delete	1
block	`management_resource_settings`	`data_collection_rules`	Delete	1

Copy and paste the following inside the management_group_settings > policy_assignments_to_modify block on a new line after the first curly brace {:

If you have updated the alz, landing-zones or platform management group ID, then you need to update the management group ID in this block setting to match. For example, replace alz with contoso.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
alz = {
  policy_assignments = {
    Deploy-MDEndpointsAMA = {
      enforcement_mode = "DoNotEnforce"
    }
  }
}
landing_zones = {
  policy_assignments = {
    Deploy-MDFC-DefSQL-AMA = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-VM-ChangeTrack = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-VM-Monitoring = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-vmArc-ChangeTrack = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-vmHybr-Monitoring = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-VMSS-ChangeTrack = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-VMSS-Monitoring = {
      enforcement_mode = "DoNotEnforce"
    }
  }
}
platform = {
  policy_assignments = {
    DenyAction-DeleteUAMIAMA = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-MDFC-DefSQL-AMA = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-VM-ChangeTrack = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-VM-Monitoring = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-vmArc-ChangeTrack = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-vmHybr-Monitoring = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-VMSS-ChangeTrack = {
      enforcement_mode = "DoNotEnforce"
    }
    Deploy-VMSS-Monitoring = {
      enforcement_mode = "DoNotEnforce"
    }
  }
}

11 - Turn off Azure Monitoring Agent

Microsoft Clarity