Install and manage Azure Monitor Agent

This article details the different methods to install, uninstall, update, and configure Azure Monitor Agent on Azure virtual machines, scale sets, and Azure Arc-enabled servers.

Important

Azure Monitor Agent requires at least one data collection rule (DCR) to begin collecting data after it's installed on the client machine. Depending on the installation method you use, a DCR may or may not be created automatically. If not, then you need to configure data collection following the guidance at Collect data with Azure Monitor Agent.

Prerequisites

See the following articles for prerequisites and other requirements for Azure Monitor Agent:

Important

Installing, upgrading, or uninstalling Azure Monitor Agent won't require a machine restart.

Installation options

The following table lists the different options for installing Azure Monitor Agent on Azure VMs and Azure Arc-enabled servers. The Azure Arc agent must be installed on any machines not in Azure before Azure Monitor Agent can be installed.

Installation method Description
VM extension Use any of the methods below to use the Azure extension framework to install the agent. This method does not create a DCR, so you must create at least one and associate it with the agent before data collection will begin.
Create a DCR When you create a DCR in the Azure portal, Azure Monitor Agent is installed on any machines that are added as resources for the DCR. The agent will begin collecting data defined in the DCR immediately.
Container insights When you enable Container insights on a Kubernetes cluster, a containerized version of Azure Monitor Agent is installed in the cluster, and a DCR is created that immediately begins collecting data. You can modify this DCR using guidance at Configure data collection and cost optimization in Container insights using data collection rule.
Client installer Installs the agent by using a Windows MSI installer for Windows 10 and Windows 11 clients.
Azure Policy Use Azure Policy to automatically install the agent on Azure virtual machines and Azure Arc-enabled servers and automatically associate them with required DCRs.

Note

To send data across tenants, you must first enable Azure Lighthouse. Cloning a machine with Azure Monitor Agent installed is not supported. The best practice for these situations is to use Azure Policy or an Infrastructure as a code tool to deploy AMA at scale.

Install agent extension

This section provides details on installing Azure Monitor Agent using the VM extension.

Use the guidance at Collect data with Azure Monitor Agent to install the agent using the Azure portal and create a DCR to collect data.

Uninstall

To uninstall Azure Monitor Agent by using the Azure portal, go to your virtual machine, scale set, or Azure Arc-enabled server. Select the Extensions tab and select AzureMonitorWindowsAgent or AzureMonitorLinuxAgent. In the dialog that opens, select Uninstall.

Update

To perform a one-time update of the agent, you must first uninstall the existing agent version. Then install the new version as described.

Configure (Preview)

Data Collection Rules (DCRs) serve as a management tool for Azure Monitor Agent (AMA) on your machine. The AgentSettings DCR can be used to configure certain AMA parameters to configure the agent to your specific monitoring needs.

Note

Important considerations to keep in mind when working with the AgentSettings DCR:

  • The AgentSettings DCR can currently only be configured using ARM templates.
  • AgentSettings must be a single DCR with no other settings.
  • The virtual machine and the AgentSettings DCR must be located in the same region.

Supported parameters

The AgentSettings DCR currently supports configuring the following parameters:

Parameter Description Valid values
MaxDiskQuotaInMB To provide resiliency the agent collects data in a local cache when the agent is unable to send data. The agent will send the data in the cache once the connection is restored. This paramerter is the amount of disk space used (in MB) by the Azure Monitor Agent log files and cache. Linux: 1025-51199
Windows: 4000-51199
UseTimeReceivedForForwardedEvents Changes WEF column in the Sentinel WEF table to use TimeReceived instead of TimeGenerated data 0 or 1

Setting up AgentSettings DCR

Currently not supported.

Next steps

Create a data collection rule to collect data from the agent and send it to Azure Monitor.