diff --git a/.ps-rule/min-suppress.Rule.yaml b/.ps-rule/min-suppress.Rule.yaml index 80611ec02c..116e992898 100644 --- a/.ps-rule/min-suppress.Rule.yaml +++ b/.ps-rule/min-suppress.Rule.yaml @@ -8,6 +8,7 @@ spec: rule: - Azure.Resource.UseTags - Azure.KeyVault.Logs + - Azure.VM.AMA - Azure.Policy.ExemptionDescriptors - Azure.Policy.Descriptors - Azure.Policy.AssignmentDescriptors diff --git a/modules/compute/virtual-machine/.test/linux.atmg/main.test.bicep b/modules/compute/virtual-machine/.test/linux.atmg/main.test.bicep index a6b7cf6ddf..d725622a64 100644 --- a/modules/compute/virtual-machine/.test/linux.atmg/main.test.bicep +++ b/modules/compute/virtual-machine/.test/linux.atmg/main.test.bicep @@ -99,6 +99,9 @@ module testDeployment '../../main.bicep' = { osType: 'Linux' vmSize: 'Standard_DS2_v2' configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' + extensionMonitoringAgentConfig: { + enabled: true + } disablePasswordAuthentication: true publicKeys: [ { diff --git a/modules/compute/virtual-machine/.test/windows.atmg/main.test.bicep b/modules/compute/virtual-machine/.test/windows.atmg/main.test.bicep index 52c5e35db0..eafdd088e4 100644 --- a/modules/compute/virtual-machine/.test/windows.atmg/main.test.bicep +++ b/modules/compute/virtual-machine/.test/windows.atmg/main.test.bicep @@ -83,6 +83,9 @@ module testDeployment '../../main.bicep' = { vmSize: 'Standard_DS2_v2' adminPassword: password configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' + extensionMonitoringAgentConfig: { + enabled: true + } tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' diff --git a/modules/compute/virtual-machine/.test/windows.ssecmk/main.test.bicep b/modules/compute/virtual-machine/.test/windows.ssecmk/main.test.bicep index b829bbcf1c..1287d4f44c 100644 --- a/modules/compute/virtual-machine/.test/windows.ssecmk/main.test.bicep +++ b/modules/compute/virtual-machine/.test/windows.ssecmk/main.test.bicep @@ -58,6 +58,9 @@ module testDeployment '../../main.bicep' = { name: '${uniqueString(deployment().name, location)}-test-${serviceShort}' params: { enableDefaultTelemetry: enableDefaultTelemetry + extensionMonitoringAgentConfig: { + enabled: true + } location: location name: '${namePrefix}${serviceShort}' adminUsername: 'VMAdministrator' diff --git a/modules/compute/virtual-machine/README.md b/modules/compute/virtual-machine/README.md index d7747400aa..36302646cd 100644 --- a/modules/compute/virtual-machine/README.md +++ b/modules/compute/virtual-machine/README.md @@ -1599,6 +1599,9 @@ module virtualMachine './compute/virtual-machine/main.bicep' = { configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' disablePasswordAuthentication: true enableDefaultTelemetry: '' + extensionMonitoringAgentConfig: { + enabled: true + } location: '' name: 'cvmlinatmg' publicKeys: [ @@ -1690,6 +1693,11 @@ module virtualMachine './compute/virtual-machine/main.bicep' = { "enableDefaultTelemetry": { "value": "" }, + "extensionMonitoringAgentConfig": { + "value": { + "enabled": true + } + }, "location": { "value": "" }, @@ -2443,6 +2451,9 @@ module virtualMachine './compute/virtual-machine/main.bicep' = { adminPassword: '' configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' enableDefaultTelemetry: '' + extensionMonitoringAgentConfig: { + enabled: true + } location: '' name: 'cvmwinatmg' tags: { @@ -2515,6 +2526,11 @@ module virtualMachine './compute/virtual-machine/main.bicep' = { "enableDefaultTelemetry": { "value": "" }, + "extensionMonitoringAgentConfig": { + "value": { + "enabled": true + } + }, "location": { "value": "" }, @@ -2706,6 +2722,9 @@ module virtualMachine './compute/virtual-machine/main.bicep' = { } ] enableDefaultTelemetry: '' + extensionMonitoringAgentConfig: { + enabled: true + } location: '' name: 'cvmwincmk' tags: { @@ -2791,6 +2810,11 @@ module virtualMachine './compute/virtual-machine/main.bicep' = { "enableDefaultTelemetry": { "value": "" }, + "extensionMonitoringAgentConfig": { + "value": { + "enabled": true + } + }, "location": { "value": "" }, diff --git a/modules/compute/virtual-machine/main.bicep b/modules/compute/virtual-machine/main.bicep index 3cd09f6b51..234aecbfb0 100644 --- a/modules/compute/virtual-machine/main.bicep +++ b/modules/compute/virtual-machine/main.bicep @@ -567,19 +567,21 @@ resource vm_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021 scope: az.resourceGroup(split(monitoringWorkspaceId, '/')[2], split(monitoringWorkspaceId, '/')[4]) } -module vm_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) { - name: '${uniqueString(deployment().name, location)}-VM-MicrosoftMonitoringAgent' +module vm_azureMonitorAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) { + name: '${uniqueString(deployment().name, location)}-VM-AzureMonitorAgent' params: { virtualMachineName: vm.name - name: 'MicrosoftMonitoringAgent' - publisher: 'Microsoft.EnterpriseCloud.Monitoring' - type: osType == 'Windows' ? 'MicrosoftMonitoringAgent' : 'OmsAgentForLinux' + name: 'AzureMonitorAgent' + publisher: 'Microsoft.Azure.Monitor' + type: osType == 'Windows' ? 'AzureMonitorWindowsAgent' : 'AzureMonitorLinuxAgent' typeHandlerVersion: contains(extensionMonitoringAgentConfig, 'typeHandlerVersion') ? extensionMonitoringAgentConfig.typeHandlerVersion : (osType == 'Windows' ? '1.0' : '1.7') autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false settings: { workspaceId: !empty(monitoringWorkspaceId) ? vm_logAnalyticsWorkspace.properties.customerId : '' + GCS_AUTO_CONFIG: osType == 'Linux' ? true : null } + tags: contains(extensionMonitoringAgentConfig, 'tags') ? extensionMonitoringAgentConfig.tags : {} protectedSettings: { workspaceKey: !empty(monitoringWorkspaceId) ? vm_logAnalyticsWorkspace.listKeys().primarySharedKey : '' @@ -588,6 +590,7 @@ module vm_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensi } } + module vm_dependencyAgentExtension 'extension/main.bicep' = if (extensionDependencyAgentConfig.enabled) { name: '${uniqueString(deployment().name, location)}-VM-DependencyAgent' params: { @@ -674,7 +677,7 @@ module vm_azureDiskEncryptionExtension 'extension/main.bicep' = if (extensionAzu } dependsOn: [ vm_customScriptExtension - vm_microsoftMonitoringAgentExtension + vm_azureMonitorAgentExtension ] } @@ -693,7 +696,7 @@ module vm_backup '../../recovery-services/vault/backup-fabric/protection-contain dependsOn: [ vm_aadJoinExtension vm_domainJoinExtension - vm_microsoftMonitoringAgentExtension + vm_azureMonitorAgentExtension vm_microsoftAntiMalwareExtension vm_networkWatcherAgentExtension vm_dependencyAgentExtension