Deployment options for Azure Monitor agent on Azure Arc-enabled servers

Azure Monitor supports multiple methods to install the Azure Monitor agent and connect your machine or server registered with Azure Arc-enabled servers to the service. Azure Arc-enabled servers support the Azure VM extension framework, which provides post-deployment configuration and automation tasks, enabling you to simplify management of your hybrid machines like you can with Azure VMs.

The Azure Monitor agent is required if you want to:

Note

Azure Monitor agent logs are stored locally and are updated after temporary disconnection of an Arc-enabled machine.

This article reviews the deployment methods for the Azure Monitor agent VM extension, across multiple production physical servers or virtual machines in your environment, to help you determine which works best for your organization. If you are interested in the new Azure Monitor agent and want to see a detailed comparison, see Azure Monitor agents overview.

Installation options

Review the different methods to install the VM extension using one method or a combination and determine which one works best for your scenario.

Use Azure Arc-enabled servers

This method supports managing the installation, management, and removal of VM extensions (including the Azure Monitor agent) from the Azure portal, using PowerShell, the Azure CLI, or with an Azure Resource Manager (ARM) template.

Advantages

  • Can be useful for testing purposes
  • Useful if you have a few machines to manage

Disadvantages

  • Limited automation when using an Azure Resource Manager template
  • Can only focus on a single Arc-enabled server, and not multiple instances
  • Only supports specifying a single workspace to report to; requires using PowerShell or the Azure CLI to configure the Log Analytics Windows agent VM extension to report to up to four workspaces
  • Doesn't support deploying the Dependency agent from the portal; you can only use PowerShell, the Azure CLI, or ARM template

Use Azure Policy

Azure Policy includes several prebuilt definitions related to Azure Monitor. For a complete list of the built-in policies in the Monitoring category, see Azure Policy built-in definitions for Azure Monitor.

Advantages

  • Reinstalls the VM extension if removed (after policy evaluation)
  • Identifies and installs the VM extension when a new Azure Arc-enabled server is registered with Azure

Disadvantages

  • The Configure operating system Arc-enabled machines to run Azure Monitor Agent policy only installs the Azure Monitor agent extension and configures the agent to report to a specified Log Analytics workspace.
  • Standard compliance evaluation cycle is once every 24 hours. An evaluation scan for a subscription or a resource group can be started with Azure CLI, Azure PowerShell, a call to the REST API, or by using the Azure Policy Compliance Scan GitHub Action. For more information, see Evaluation triggers.

Use Azure Automation

The process automation operating environment in Azure Automation and its support for PowerShell and Python runbooks can help you automate the deployment of the Azure Monitor agent VM extension at scale to machines in your environment.

Advantages

  • Can use a scripted method to automate its deployment and configuration using scripting languages you're familiar with
  • Runs on a schedule that you define and control
  • Authenticate securely to Arc-enabled servers from the Automation account using a managed identity

Disadvantages

  • Requires an Azure Automation account
  • Experience authoring and managing runbooks in Azure Automation
  • Must create a runbook based on PowerShell or Python, depending on the target operating system

Use Azure portal

The Azure Monitor agent VM extension can be installed using the Azure portal. See Automatic extension upgrade for Azure Arc-enabled servers for more information about installing extensions from the Azure portal.

Advantages

  • Point and click directly from Azure portal
  • Useful for testing with small set of servers
  • Immediate deployment of extension

Disadvantages

  • Not scalable to many servers
  • Limited automation

Next steps