Option to Enable Azure Monitor Agent (AMA) initiave #1055
Comments
ghost
added
the
jtracey93
added
enhancement
|
Thanks for raising this @rikunarhi-cloud2, I have transferred this to this repo as all our policies live as a source of truth in this repo and then pulled into Terraform or Bicep implementations. We are currently working with the Azure Monitor engineering teams to plan the migration of ALZ from MMA to AMA and are nearing the point where we can begin the required work, but not just yet. @paulgrimley is leading this from our side as a PM, so looping him in. As a side note we are working with the engineering teams to get this previously raised policy issue resolved #1033 before we start with the AMA migration work as this will impact a number of customers if we just migrated today due to hardcoded So, stay tuned and now we are working on this behind the scenes and hope to make it come to reality very soon. Thanks Jack |
|
@rikunarhi-cloud2 thanks for raising this, we are indeed in deep discussions (and have been for some time) with the Monitor PG on transitioning ALZ to AMA. I am hopeful we should see progress in the next few weeks as we're keen to get this switched over. |
|
What is the status of this? |
|
Hi @rikunarhi-cloud2 we are still working with Monitor PG who are finalising date for GA parity with MMA before we are able to switch to AMA. The ALZ team are working in the background in readiness for GA so we can determine what is needed to be updated for each of the reference implementations (Portal, Bicep and Terraform). |
|
Eagerly Waiting. |
|
@spotakash you can indeed add it manually yourself in the TF module using the archetype_extension, but we are using this feature to track the addition/migration to AMA from MMA and all the other work this encompasses. Docs, guidance, policy work, implementation changes. As Paul has mentioned there is work going on with the AMA teams to ensure we have everything aligned and in place for parity, then we will begin our work. |
|
is there any progress on this? We can't postpone this migration much longer and we'd prefer if this was implemented in Enterprise-Scale/ALZ policies instead of our own custom policy implementation. |
|
Appreciate you requesting an update on this @JasperCodes, we are continuing to work in the background to drive this forward and this relies on a number of teams who leverage the MMA agent providing parity general availability alternatives to allow ALZ to transition to the AMA agent as we need to cater for all our customers who will use different components of the MMA solution so its not easy to just switch over with some services announced as GA for AMA. Defender for Cloud is one of the biggest users of the AMA agent and new GA comparable coverage (of solutions that ALZ currently deploy today) vs MMA is at least April 2024 as per https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-strategy-and-plan-towards-log/ba-p/3883341. My recommendation would be to look at what components your organisation uses and determine if AMA could be leveraged (and services are GA) and would recommend raising a support ticket if you have further concerns against services you require that are not GA with the pending deprecation date approaching if needed. |
|
Any news / progress around this to migrate to the built-in initiatives? Thanks “Enable Azure Monitor for VMs” should be updated to point to the correct built-in policy initiative: “Enable Azure Monitor for Virtual Machine Scale Sets” instead of “Enable Azure Monitor for Virtual Machine Scale Sets” |
|
We're actively working on this, we plan to have the portal updated to use AMA in the next few days then we will review how to integrate this with our Terraform and Bicep reference implementations. Please check the roadmap for updates aka.ms/alz/roadmap (I have just made an update to the MMA deprecation item https://github.com/orgs/Azure/projects/487?pane=issue&itemId=30803412) cc: @arjenhuitema |
|
Is there a timeline for supporting AMA being supported in Terraform implementation? |
|
Hi @jimays-avila thanks for the nudge and the short answer is yes! all going well we are planning for June. Please see https://github.com/orgs/Azure/projects/487?pane=issue&itemId=30803412 for more details in our roadmap updates. |
|
@paulgrimley: Would this be more at the beginning or end of June? We have been eagerly waiting for this, as the 31st August is nearby. Thanks in advance for your reply. |
|
@eddy-vera to be safe I would say end of June, we are working hard to get this out so can assure you we are doing all we can to get this out as quick as possible, thank you for your patience with this. |
|
Closing this issue as we have now completed this work please visit https://aka.ms/alz/ama/blog for more information cc: @arjenhuitema |
Community Note
Description
Is your feature request related to a problem?
We are starting to transfer our monitoring agents from the old Log analytics agent to the AMA. Currently the option
settings.log_analytics.config.enable_monitoring_for_vmdeploys a legacy policy.Now if we want to create our own Data collection rules we will have to create them outside of the module.
Describe the solution you'd like
We would like to have the
settings.log_analytics.config.enable_monitoring_for_vmto deploy the new policy 9dffaf29-5905-4145-883c-957eb442c226.Second option would be the ability to create Data collection rules with the advanced block of the configuremanagementresources. So that then we can deploy a policy that just installs the agent and associates the agent with the data collection rule.
Additional context
The text was updated successfully, but these errors were encountered: