Use Azure Monitor Agent#
Operational Excellence · Virtual Machine Scale Sets · 2022_12
Use Azure Monitor Agent for collecting monitoring data.
Description#
Azure Monitor Agent (AMA) collects monitoring data from the guest operating system of virtual machines in virtual machine scale sets. Data collected gets delivered to Azure Monitor for use by features, insights and other services, such as Microsoft Defender for Cloud.
Azure Monitor Agent replaces all of Azure Monitor's legacy monitoring agents.
Recommendation#
Consider monitoring Virtual Machine Scale Sets using the Azure Monitor Agent.
Examples#
Configure with Azure template#
To deploy virtual machine scale sets that pass this rule:
- Set
properties.virtualMachineProfile.extensionProfile.extensions.properties.publisher
toMicrosoft.Azure.Monitor
. - Set
properties.virtualMachineProfile.extensionProfile.extensions.properties.type
toAzureMonitorWindowsAgent
(Windows) orAzureMonitorLinuxAgent
(Linux).
For example:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmssName": {
"type": "string",
"defaultValue": "vmss-01"
},
"location": {
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "2022-08-01",
"name": "[parameters('vmssName')]",
"location": "[parameters('location')]",
"sku": {
"name": "b2ms",
"tier": "Standard",
"capacity": 1
},
"properties": {
"overprovision": true,
"upgradePolicy": {
"mode": "Automatic"
},
"singlePlacementGroup": true,
"platformFaultDomainCount": 3,
"virtualMachineProfile": {
"extensionProfile": {
"extensions": [
{
"name": "[format('{0}/AzureMonitorLinuxAgent', parameters('vmssName'))]",
"properties": {
"autoUpgradeMinorVersion": true,
"enableAutomaticUpgrade": true,
"publisher": "Microsoft.Azure.Monitor",
"type": "AzureMonitorLinuxAgent",
"typeHandlerVersion": "1.21"
}
}
]
},
"storageProfile": {
"osDisk": {
"caching": "ReadWrite",
"createOption": "FromImage"
},
"imageReference": {
"publisher": "microsoft-aks",
"offer": "aks",
"sku": "aks-ubuntu-1804-202208",
"version": "2022.08.29"
}
},
"osProfile": {
"adminUsername": "azureuser",
"computerNamePrefix": "vmss-01",
"linuxConfiguration": {
"disablePasswordAuthentication": true
},
"provisionVMAgent": true,
"ssh": {
"publicKeys": [
{
"path": "/home/azureuser/.ssh/authorized_keys"
}
]
}
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "vmss-001",
"properties": {
"primary": true,
"enableAcceleratedNetworking": true,
"networkSecurityGroup": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-001"
},
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"primary": true,
"subnet": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-001/subnets/subnet-001"
},
"privateIPAddressVersion": "IPv4",
"loadBalancerBackendAddressPools": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/backendAddressPools/kubernetes"
}
]
}
}
]
}
}
]
}
}
}
}
]
}
To deploy virtual machine scale sets with a extension sub resource that pass this rule:
- Deploy a extension sub-resource
Microsoft.Compute/virtualMachines/extensions
. - Set
properties.publisher
toMicrosoft.Azure.Monitor
. - Set
properties.type
toAzureMonitorWindowsAgent
(Windows) orAzureMonitorLinuxAgent
(Linux).
For example:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmssName": {
"type": "string"
},
"location": {
"type": "string"
},
"userAssignedManagedIdentity": {
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
"apiVersion": "2022-08-01",
"name": "[format('{0}/AzureMonitorLinuxAgent', parameters('vmssName'))]",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.Azure.Monitor",
"type": "AzureMonitorLinuxAgent",
"typeHandlerVersion": "1.21",
"settings": {
"authentication": {
"managedIdentity": {
"identifier-name": "mi_res_id",
"identifier-value": "[parameters('userAssignedManagedIdentity')]"
}
}
},
"autoUpgradeMinorVersion": true,
"enableAutomaticUpgrade": true
}
}
]
}
Configure with Bicep#
To deploy virtual machine scale sets that pass this rule:
- Set
properties.virtualMachineProfile.extensionProfile.extensions.properties.publisher
toMicrosoft.Azure.Monitor
. - Set
properties.virtualMachineProfile.extensionProfile.extensions.properties.type
toAzureMonitorWindowsAgent
(Windows) orAzureMonitorLinuxAgent
(Linux).
For example:
param vmssName string = 'vmss-01'
param location string
resource vmScaleSet 'Microsoft.Compute/virtualMachineScaleSets@2022-08-01' = {
name: vmssName
location: location
sku: {
name: 'b2ms'
tier: 'Standard'
capacity: 1
}
properties: {
overprovision: true
upgradePolicy: {
mode: 'Automatic'
}
singlePlacementGroup: true
platformFaultDomainCount: 3
virtualMachineProfile: {
extensionProfile: {
extensions: [
{
name: '${vmssName}/AzureMonitorLinuxAgent'
properties: {
autoUpgradeMinorVersion: true
enableAutomaticUpgrade: true
publisher: 'Microsoft.Azure.Monitor'
type: 'AzureMonitorLinuxAgent'
typeHandlerVersion: '1.21'
}
}
]
}
storageProfile: {
osDisk: {
caching: 'ReadWrite'
createOption: 'FromImage'
}
imageReference: {
publisher: 'microsoft-aks'
offer: 'aks'
sku: 'aks-ubuntu-1804-202208'
version: '2022.08.29'
}
}
osProfile: {
adminUsername: 'azureuser'
computerNamePrefix: 'vmss-01'
linuxConfiguration: {
disablePasswordAuthentication: true
}
provisionVMAgent: true
ssh: {
publicKeys: [
{
path: '/home/azureuser/.ssh/authorized_keys'
}
]
}
}
networkProfile: {
networkInterfaceConfigurations: [
{
name: 'vmss-001'
properties: {
primary: true
enableAcceleratedNetworking: true
networkSecurityGroup: {
id: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-001'
}
ipConfigurations: [
{
name: 'ipconfig1'
properties: {
primary: true
subnet: {
id: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-001/subnets/subnet-001'
}
privateIPAddressVersion: 'IPv4'
loadBalancerBackendAddressPools: [
{
id: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/backendAddressPools/kubernetes'
}
]
}
}
]
}
}
]
}
}
}
}
To deploy virtual machine scale sets with a extension sub resource that pass this rule:
- Deploy a extension sub-resource
Microsoft.Compute/virtualMachines/extensions
. - Set
properties.publisher
toMicrosoft.Azure.Monitor
. - Set
properties.type
toAzureMonitorWindowsAgent
(Windows) orAzureMonitorLinuxAgent
(Linux).
For example:
param vmssName string
param location string
param userAssignedManagedIdentity string
resource linuxAgent 'Microsoft.Compute/virtualMachineScaleSets/extensions@2022-08-01' = {
name: '${vmssName}/AzureMonitorLinuxAgent'
location: location
properties: {
publisher: 'Microsoft.Azure.Monitor'
type: 'AzureMonitorLinuxAgent'
typeHandlerVersion: '1.21'
autoUpgradeMinorVersion: true
enableAutomaticUpgrade: true
settings: {
authentication: {
managedIdentity: {
identifier-name: 'mi_res_id'
identifier-value: userAssignedManagedIdentity
}
}
}
}
}
Notes#
The Azure Monitor Agent (AMA) itself does not include all configuration needed, additionally data collection rules and associations are required.