Source
Display name
Configure SQL Virtual Machines to automatically install Azure Monitor Agent
Id
f91991d1-5383-4c95-8ee5-5ac423dd8bb1 Copy Id Copy resourceId
Version
1.6.0
Versioning
Versions supported for Versioning: 6
Category
Security Center
Description
Automate the deployment of Azure Monitor Agent extension on your Windows SQL Virtual Machines. Learn more: https://aka.ms/AMAOverview.
Cloud environments
AzureCloud = true
Available in AzUSGov
The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Mode
Indexed
Type
BuiltIn
Preview
False
Deprecated
False
Effect
Default Allowed
RBAC role(s)
Rule aliases
THEN-Details (1) THEN-ExistenceCondition (3)
Rule resource types
IF (1) THEN-Deployment (1)
Compliance
Not a Compliance control
Initiatives usage
Records: 10 25 100 200 Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
< ,
<= ,
> ,
>= ,
= ,
* ,
! ,
{ ,
} ,
|| ,
&& ,
[empty] ,
[nonempty] ,
rgx: Learn more ? Page 1 of 1
Clear Security Center Clear GA Clear BuiltIn
Initiative DisplayName
Initiative Id
Initiative Category
State
Type
polSet in AzUSGov
Configure SQL VMs and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a LA workspace
d7c3ea3a-edf3-4bd5-bd64-d5b635b05393 Security Center
GA BuiltIn
true
Configure SQL VMs and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LA workspace
de01d381-bae9-4670-8870-786f89f49e26 Security Center
GA BuiltIn
true
No results
History
Date/Time (UTC ymd) (i)
Change type
Change detail
2025-01-21 19:02:36
change
Minor (1.5.0 > 1.6.0)
2024-09-10 17:48:30
change
Minor (1.4.0 > 1.5.0)
2024-05-13 17:44:58
change
Minor (1.3.0 > 1.4.0)
2024-01-12 18:35:06
change
Minor (1.2.2 > 1.3.0)
2023-11-17 19:29:28
change
Patch, old suffix: preview (1.2.1-preview > 1.2.2)
2023-10-31 19:02:40
change
Minor, suffix remains equal (1.1.1-preview > 1.2.1-preview)
2023-09-11 17:59:12
change
Patch, suffix remains equal (1.1.0-preview > 1.1.1-preview)
2023-08-22 17:59:24
add
f91991d1-5383-4c95-8ee5-5ac423dd8bb1
JSON compareHide
compare mode:
side-by-side
line-by-line
version left: 1.5.0 1.4.0 1.3.0 1.2.2 1.2.1-preview 1.1.1-preview 1.1.0-preview version right: 1.6.0 1.5.0 1.4.0 1.3.0 1.2.2 1.2.1-preview 1.1.1-preview 1.1.0-preview
@@ -3,9 +3,9 @@
3
"policyType": "BuiltIn",
4
"mode": "Indexed",
5
"description": "Automate the deployment of Azure Monitor Agent extension on your Windows SQL Virtual Machines. Learn more: https://aka.ms/AMAOverview.",
6
"metadata": {
7
-
"version": "1.5.0",
8
"category": "Security Center"
9
},
10
"parameters": {
11
"bringYourOwnUserAssignedManagedIdentity": {
@@ -46,12 +46,8 @@
46
"allOf": [
47
{
48
"field": "type",
49
"equals": "Microsoft.SqlVirtualMachine/SqlVirtualMachines"
50
-
},
51
-
{
52
-
"field": "Microsoft.SqlVirtualMachine/sqlVirtualMachines/osType",
53
-
"equals": "Windows"
54
}
55
]
56
},
57
"then": {
@@ -61,24 +57,40 @@
61
"evaluationDelay": "AfterProvisioning",
62
"roleDefinitionIds": [
63
"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"
64
],
65
-
"name": "[concat(last(split(field('Microsoft.SqlVirtualMachine/SqlVirtualMachines/virtualMachineResourceId'), '/')), '/AzureMonitorWindowsAgent')]",
66
"existenceCondition": {
67
-
"allOf": [
68
{
69
-
"field": "Microsoft.Compute/virtualMachines/extensions/type",
70
-
"equals": "AzureMonitorWindowsAgent"
71
},
72
{
73
-
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
74
-
"equals": "Microsoft.Azure.Monitor"
75
-
},
76
-
{
77
-
"field": "Microsoft.Compute/virtualMachines/extensions/provisioningState",
78
-
"in": [
79
-
"Succeeded",
80
-
"Provisioning succeeded"
81
]
82
}
83
]
84
},
3
"policyType": "BuiltIn",
4
"mode": "Indexed",
5
"description": "Automate the deployment of Azure Monitor Agent extension on your Windows SQL Virtual Machines. Learn more: https://aka.ms/AMAOverview.",
6
"metadata": {
7
+
"version": "1.6 .0",
8
"category": "Security Center"
9
},
10
"parameters": {
11
"bringYourOwnUserAssignedManagedIdentity": {
46
"allOf": [
47
{
48
"field": "type",
49
"equals": "Microsoft.SqlVirtualMachine/SqlVirtualMachines"
50
}
51
]
52
},
53
"then": {
57
"evaluationDelay": "AfterProvisioning",
58
"roleDefinitionIds": [
59
"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"
60
],
61
+
"name": "[concat(last(split(field('Microsoft.SqlVirtualMachine/SqlVirtualMachines/virtualMachineResourceId'), '/')), '/? ')]",
62
"existenceCondition": {
63
+
"anyOf ": [
64
{
65
+
"allOf": [
66
+
{
67
+
"field": "Microsoft.Compute/virtualMachines/extensions/type",
68
+
"equals": "SqlIaaSAgentLinux"
69
+
},
70
+
{
71
+
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
72
+
"equals": "Microsoft.SqlServer.Management "
73
+
}
74
+
]
75
},
76
{
77
+
"allOf": [
78
+
{
79
+
"field": "Microsoft.Compute/virtualMachines/extensions/type",
80
+
"equals": "AzureMonitorWindowsAgent"
81
+
},
82
+
{
83
+
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
84
+
"equals": "Microsoft.Azure.Monitor"
85
+
},
86
+
{
87
+
"field": "Microsoft.Compute/virtualMachines/extensions/provisioningState",
88
+
"in": [
89
+
"Succeeded",
90
+
"Provisioning succeeded"
91
+
]
92
+
}
93
]
94
}
95
]
96
},
JSON
api-version=2021-06-01 Copy definition Copy definition 4 EPAC EPAC
{ 7 items displayName: "Configure SQL Virtual Machines to automatically install Azure Monitor Agent" , policyType: "BuiltIn" , mode: "Indexed" , description: "Automate the deployment of Azure Monitor Agent extension on your Windows SQL Virtual Machines. Learn more: https://aka.ms/AMAOverview." , metadata: { 2 items version: "1.6.0" , category: "Security Center" } , parameters: { 3 items bringYourOwnUserAssignedManagedIdentity: { 4 items type: "Boolean" , metadata: { 2 items displayName: "Bring Your Own User-Assigned Identity" , description: "Enable this to use your pre-created user-assigned managed identity. The pre-created identity MUST exist otherwise the policy deployment will fail. If enabled, ensure that the user-assigned managed identity resource ID parameter matches the pre-created user-assigned managed identity resource ID. If not enabled, the policy will create per subscription, per resource user-assigned managed identities in a new resource group named 'Built-In-Identity-RG'." } , allowedValues: [ 2 items ] , defaultValue: false } , userAssignedIdentityResourceId: { 3 items type: "String" , metadata: { 2 items displayName: "User-Assigned Managed Identity Resource ID" , description: "The resource ID of the pre-created user-assigned managed identity. This parameter is only used when the Centralized User-Assigned Managed Identity parameter is true." } , defaultValue: "" } , effect: { 4 items type: "String" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" } } , policyRule: { 2 items if: { 1 item } , then: { 2 items effect: "[parameters('effect')]" , details: { 6 items type: "Microsoft.Compute/virtualMachines/extensions" , evaluationDelay: "AfterProvisioning" , roleDefinitionIds: [ 1 item ] , name: "[
concat(
last(
split(
field('Microsoft.SqlVirtualMachine/SqlVirtualMachines/virtualMachineResourceId'),
'/'
)
),
'/?'
)
]" , existenceCondition: { 1 item anyOf: [ 2 items { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Compute/virtualMachines/extensions/type" , equals: "SqlIaaSAgentLinux" } , { 2 items field: "Microsoft.Compute/virtualMachines/extensions/publisher" , equals: "Microsoft.SqlServer.Management" } ] } , { 1 item allOf: [ 3 items { 2 items field: "Microsoft.Compute/virtualMachines/extensions/type" , equals: "AzureMonitorWindowsAgent" } , { 2 items field: "Microsoft.Compute/virtualMachines/extensions/publisher" , equals: "Microsoft.Azure.Monitor" } , { 2 items field: "Microsoft.Compute/virtualMachines/extensions/provisioningState" , in: [ 2 items "Succeeded" , "Provisioning succeeded" ] } ] } ] } , deployment: { 1 item properties: { 3 items mode: "incremental" , parameters: { 3 items vmName: { 1 item value: "[
last(
split(
field('Microsoft.SqlVirtualMachine/SqlVirtualMachines/virtualMachineResourceId'),
'/'
)
)
]" } , location: { 1 item value: "[field('location')]" } , userAssignedManagedIdentity: { 1 item value: 🔍 "[
if(
parameters('bringYourOwnUserAssignedManagedIdentity'),
parameters('userAssignedIdentityResourceId'),
concat(
'/subscriptions/',
subscription().subscriptionId,
'/resourceGroups/built-in-identity-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/built-in-identity-',
field('location')
)
)
]" } } , template: { 5 items $schema: "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 3 items } , variables: { 4 items extensionName: "AzureMonitorWindowsAgent" , extensionPublisher: "Microsoft.Azure.Monitor" , extensionType: "AzureMonitorWindowsAgent" , extensionTypeHandlerVersion: "1.2" } , resources: [ 1 item { 6 items name: 🔍 "[
concat(
parameters('vmName'),
'/',
variables(
'extensionName'
)
)
]", type: "Microsoft.Compute/virtualMachines/extensions" , location: "[parameters('location')]" , tags: { 1 item createdBy: "MicrosoftDefenderForSQL" } , apiVersion: "2023-03-01" , properties: { 6 items publisher: "[variables('extensionPublisher')]" , type: "[variables('extensionType')]" , typeHandlerVersion: "[variables('extensionTypeHandlerVersion')]" , autoUpgradeMinorVersion: true , enableAutomaticUpgrade: true , settings: { 1 item } } } ] } } } } } } }
