11 - Turn off Azure Monitoring Agent
The Azure Monitoring Agent (AMA) is enabled by default. If you want to turn it off, you can follow these steps:
Remove the following settings by searching for the keys and removing the line or block
Setting Type Parent block(s) Key Action Count Notes line custom_replacements
>names
ama_user_assigned_managed_identity_name
Delete 1 line custom_replacements
>names
dcr_change_tracking_name
Delete 1 line custom_replacements
>names
dcr_defender_sql_name
Delete 1 line custom_replacements
>names
dcr_vm_insights_name
Delete 1 line custom_replacements
>resource_identifiers
management_group_settings
>policy_default_values
ama_change_tracking_data_collection_rule_id
Delete 2 There are two instances of this key, delete both lines line custom_replacements
>resource_identifiers
management_group_settings
>policy_default_values
ama_mdfc_sql_data_collection_rule_id
Delete 2 There are two instances of this key, delete both lines line custom_replacements
>resource_identifiers
management_group_settings
>policy_default_values
ama_vm_insights_data_collection_rule_id
Delete 2 There are two instances of this key, delete both lines line custom_replacements
>resource_identifiers
management_group_settings
>policy_default_values
ama_user_assigned_managed_identity_id
Delete 2 There are two instances of this key, delete both lines block management_resource_settings
user_assigned_managed_identities
Delete 1 block management_resource_settings
data_collection_rules
Delete 1 Locate the
lib
folder in yourconfig
directory. This folder was created in the initial steps of phase 2. Thelib
folder structure should look like this:📂lib ┣ 📜alz_library_metadata.json ┣ 📂architecture_definitions ┃ ┗ 📜alz_custom.alz_architecture_definition.yaml ┗ 📂archetype_overrides ┃ 📜connectivity_custom.alz_archetype_override.yaml ┃ 📜corp_custom.alz_archetype_override.yaml ┃ 📜decommissioned_custom.alz_archetype_override.yaml ┃ 📜identity_custom.alz_archetype_override.yaml ┃ 📜management_custom.alz_archetype_override.yaml ┃ 📜landing_zones_custom.alz_archetype_override.yaml ┃ 📜platform_custom.alz_archetype_override.yaml ┃ 📜root_custom.alz_archetype_override.yaml ┗ 📜sandboxes_custom.alz_archetype_override.yaml
Open the
landing_zones_custom.alz_archetype_override.yaml
file and uncomment the AMA policy assignments in thepolicy_assignments_to_remove
list.The file should look like this:
base_archetype: landing_zones name: landing_zones_custom policy_assignments_to_add: [] policy_assignments_to_remove: [ # To remove AMA policies, uncomment the following lines: Deploy-MDFC-DefSQL-AMA, Deploy-VM-ChangeTrack, Deploy-VM-Monitoring, Deploy-vmArc-ChangeTrack, Deploy-vmHybr-Monitoring, Deploy-VMSS-ChangeTrack, Deploy-VMSS-Monitoring, # To remove the DDOS modify policy, uncomment the following line: # Enable-DDoS-VNET, ] policy_definitions_to_add: [] policy_definitions_to_remove: [] policy_set_definitions_to_add: [] policy_set_definitions_to_remove: [] role_definitions_to_add: [] role_definitions_to_remove: []
Open the
platform_custom.alz_archetype_override.yaml
file and uncomment the AMA policy assignments in thepolicy_assignments_to_remove
list.The file should look like this:
base_archetype: platform name: platform_custom policy_assignments_to_add: [] policy_assignments_to_remove: [ # To disable AMA policies, uncomment the following lines: DenyAction-DeleteUAMIAMA, Deploy-MDFC-DefSQL-AMA, Deploy-VM-ChangeTrack, Deploy-VM-Monitoring, Deploy-vmArc-ChangeTrack, Deploy-vmHybr-Monitoring, Deploy-VMSS-ChangeTrack, Deploy-VMSS-Monitoring, ] policy_definitions_to_add: [] policy_definitions_to_remove: [] policy_set_definitions_to_add: [] policy_set_definitions_to_remove: [] role_definitions_to_add: [] role_definitions_to_remove: []
Make sure to save both files after making the changes.