This article details the different methods to install, uninstall, update, and configure Azure Monitor Agent on Azure virtual machines, scale sets, and Azure Arc-enabled servers.
Important
Azure Monitor Agent requires at least one data collection rule (DCR) to begin collecting data after it's installed on the client machine. Depending on the installation method you use, a DCR may or may not be created automatically. If not, then you need to configure data collection following the guidance at Collect data with Azure Monitor Agent.
Prerequisites
See the following articles for prerequisites and other requirements for Azure Monitor Agent:
Installing, upgrading, or uninstalling Azure Monitor Agent won't require a machine restart.
Installation options
The following table lists the different options for installing Azure Monitor Agent on Azure VMs and Azure Arc-enabled servers. The Azure Arc agent must be installed on any machines not in Azure before Azure Monitor Agent can be installed.
Installation method
Description
VM extension
Use any of the methods below to use the Azure extension framework to install the agent. This method does not create a DCR, so you must create at least one and associate it with the agent before data collection will begin.
When you create a DCR in the Azure portal, Azure Monitor Agent is installed on any machines that are added as resources for the DCR. The agent will begin collecting data defined in the DCR immediately.
Use Azure Policy to automatically install the agent on Azure virtual machines and Azure Arc-enabled servers and automatically associate them with required DCRs.
Note
To send data across tenants, you must first enable Azure Lighthouse.
Cloning a machine with Azure Monitor Agent installed is not supported. The best practice for these situations is to use Azure Policy or an Infrastructure as a code tool to deploy AMA at scale.
Install agent extension
This section provides details on installing Azure Monitor Agent using the VM extension.
You can install Azure Monitor Agent on Azure virtual machines and on Azure Arc-enabled servers by using the PowerShell command for adding a virtual machine extension.
Azure virtual machines
Use the following PowerShell commands to install Azure Monitor Agent on Azure virtual machines. Choose the appropriate command based on your chosen authentication method.
You can install Azure Monitor Agent on Azure virtual machines and on Azure Arc-enabled servers by using the Azure CLI command for adding a virtual machine extension.
Azure virtual machines
Use the following CLI commands to install Azure Monitor Agent on Azure virtual machines. Choose the appropriate command based on your chosen authentication method.
User-assigned managed identity
Windows
az vm extension set --name AzureMonitorWindowsAgent --publisher Microsoft.Azure.Monitor --ids <vm-resource-id> --enable-auto-upgrade true --settings '{"authentication":{"managedIdentity":{"identifier-name":"mi_res_id","identifier-value":"/subscriptions/<my-subscription-id>/resourceGroups/<my-resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<my-user-assigned-identity>"}}}'
Linux
az vm extension set --name AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --ids <vm-resource-id> --enable-auto-upgrade true --settings '{"authentication":{"managedIdentity":{"identifier-name":"mi_res_id","identifier-value":"/subscriptions/<my-subscription-id>/resourceGroups/<my-resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<my-user-assigned-identity>"}}}'
System-assigned managed identity
Windows
az vm extension set --name AzureMonitorWindowsAgent --publisher Microsoft.Azure.Monitor --ids <vm-resource-id> --enable-auto-upgrade true
Linux
az vm extension set --name AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --ids <vm-resource-id> --enable-auto-upgrade true
Azure virtual machines scale set
Use the az vmss extension set CLI cmdlet to install Azure Monitor Agent on Azure virtual machines scale sets.
Azure Arc-enabled servers
Use the following CLI commands to install Azure Monitor Agent on Azure Arc-enabled servers.
You can use Resource Manager templates to install Azure Monitor Agent on Azure virtual machines and on Azure Arc-enabled servers and to create an association with data collection rules. You must create any data collection rule prior to creating the association.
Get sample templates for installing the agent and creating the association from the following resources:
To uninstall Azure Monitor Agent by using the Azure portal, go to your virtual machine, scale set, or Azure Arc-enabled server. Select the Extensions tab and select AzureMonitorWindowsAgent or AzureMonitorLinuxAgent. In the dialog that opens, select Uninstall.
Uninstall on Azure virtual machines
Use the following PowerShell commands to uninstall Azure Monitor Agent on Azure virtual machines.
We recommend that you enable automatic update of the agent by enabling the Automatic Extension Upgrade feature by using the following PowerShell commands.
To perform a one-time update of the agent, you must first uninstall the existing agent version, then install the new version as described.
Windows
az vm extension set --name AzureMonitorWindowsAgent --publisher Microsoft.Azure.Monitor --vm-name <virtual-machine-name> --resource-group <resource-group-name> --enable-auto-upgrade true
Linux
az vm extension set --name AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --vm-name <virtual-machine-name> --resource-group <resource-group-name> --enable-auto-upgrade true
Update on Azure Arc-enabled servers
To perform a one-time upgrade of the agent, use the following CLI commands.
Windows
az connectedmachine upgrade-extension --extension-targets "{\"Microsoft.Azure.Monitor.AzureMonitorWindowsAgent\":{\"targetVersion\":\"<target-version-number>\"}}" --machine-name <arc-server-name> --resource-group <resource-group-name>
Linux
az connectedmachine upgrade-extension --extension-targets "{\"Microsoft.Azure.Monitor.AzureMonitorLinuxAgent\":{\"targetVersion\":\"<target-version-number>\"}}" --machine-name <arc-server-name> --resource-group <resource-group-name>
We recommend that you enable automatic update of the agent by enabling the Automatic Extension Upgrade feature by using the following PowerShell commands.
Data Collection Rules (DCRs) serve as a management tool for Azure Monitor Agent (AMA) on your machine. The AgentSettings DCR can be used to configure certain AMA parameters to configure the agent to your specific monitoring needs.
Note
Important considerations to keep in mind when working with the AgentSettings DCR:
The AgentSettings DCR can currently only be configured using ARM templates.
AgentSettings must be a single DCR with no other settings.
The virtual machine and the AgentSettings DCR must be located in the same region.
Supported parameters
The AgentSettings DCR currently supports configuring the following parameters:
Parameter
Description
Valid values
MaxDiskQuotaInMB
Defines the amount of disk space used (in MB) by the Azure Monitor Agent log files and cache.
Linux: 1025-51199 Windows: 4000-51199
UseTimeReceivedForForwardedEvents
Changes WEF column in the Sentinel WEF table to use TimeReceived instead of TimeGenerated data
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string",
"metadata": {
"description": "The name of the virtual machine."
}
},
"dataCollectionRuleId": {
"type": "string",
"metadata": {
"description": "The resource ID of the data collection rule."
}
}
},
"resources": [
{
"type": "Microsoft.Insights/dataCollectionRuleAssociations",
"apiVersion": "2021-09-01-preview",
"scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('vmName'))]",
"name": "agentSettings",
"properties": {
"description": "Association of data collection rule. Deleting this association will break the data collection for this virtual machine.",
"dataCollectionRuleId": "[parameters('dataCollectionRuleId')]"
}
}
]
}