ALZ AMA Update
The Log Analytics agent, also known as the Microsoft Monitoring Agent (MMA), is on a deprecation path and won't be supported after August 31, 2024. Any new data centers brought online after January 1 2024 will not support the Log Analytics agent. If you use the Log Analytics agent to ingest data to Azure Monitor, migrate to the new Azure Monitor agent prior to that date.
New ALZ deployments will use AMA exclusively. Brownfield guidance for adopting AMA is available in the AMA Migration Guidance.
The migration from MMA to AMA has been a major project across multiple teams within Microsoft. ALZ held off on implementing AMA up to this point to ensure that a good feature set was available across all the different solutions. While there are still a few gaps, which are detailed below, we feel that the current AMA configuration is ready to be implemented in ALZ.
- Include AMA for Greenfield customers using the portal deployment. (Completed)
- Brownfield adoption guidance is available. This includes:
  - Implementation guidance
  - Breaking changes
  - Cleanup guidance
  - Quick reference to public documentation for migration guidance for individual solutions
- Include AMA for Greenfield and Brownfield customers using either a Bicep or Terraform deployment. (June 2024)
Please check the most recent information on parity gaps:
- Known parity gaps for solutions that may impact your migration
- Microsoft Sentinel Gap analysis between agents
- Change Tracking and Inventory using Azure Monitoring Agent doesn't support or has the following limitations
- Microsoft Defender for Cloud - strategy and plan towards Log Analytics Agent (MMA) deprecation - Microsoft Community Hub
Service | What it does | Status | Parity |
---|---|---|---|
Agent health | Monitors agent heartbeat | Deprecating. You can query the heartbeat. AMBA already has an Alert Rule for this. | N/A |
Sentinel | Security information and event management | Public Preview - Migrated to AMA | Windows Firewall Logs (Private preview), Application and service logs |
Change Tracking | This feature tracks changes in virtual machines hosted in Azure, on-premises, other clouds | GA - Migrated to AMA | Parity |
Azure Monitor --> VM Insights | Monitoring VMs | GA - Migrated to AMA | Parity |
Update Management | Manages VM patches and updates | GA - Migrated to Azure Update Management (AUM) that does not require an agent | |
SQL Vulnerability Assessment Solution | Helps discover, track, and remediate potential database vulnerabilities | GA - Migrated to AMA and is now part of Microsoft Defender for SQL | Parity |
SQL Advanced Threat Protection Solution | Detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases | GA - Migrated to AMA and is now part of Microsoft Defender for SQL | Parity |
SQL Assessment Solution | Identifies possible performance issues and evaluates that your SQL Server is configured to follow best practices. | GA - Now part of SQL best practices assessment. | Current ALZ Status 'Removed' due to LAW deployment constraint with ALZ design principles (requires LAW per subscription), ALZ team will work with relevant product team to address |
MDfC for Servers | Provide server protections through Microsoft Defender for Endpoint or extended protection with just-in-time network access, file integrity monitoring, vulnerability assessment, and more. | GA (See parity column for detail) - Migrated to MDC (Agentless) | Features in development: FIM, Endpoint protection discovery recommendations, OS Misconfigurations (ASB recommendations). Features on backlog: Adaptive Application controls |
MDfC for SQL Server Virtual Machines | Protect your entire database estate with attack detection and threat response for the most popular database types in Azure to protect the database engines and data types, according to their attack surface and security risks. | GA - Migrated to AMA | |
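The Agent health row notes that heartbeat can be queried directly. The following KQL is an added example, not part of the ALZ wiki or the AMBA alert rule; it assumes the standard Log Analytics `Heartbeat` table, where `Category` is "Direct Agent" for MMA and "Azure Monitor Agent" for AMA, and uses it to classify each machine's migration state and surface hosts that have stopped reporting.

```kusto
// Added example (not ALZ project code): per-computer MMA-to-AMA migration state
// derived from agent heartbeats. Assumes Heartbeat.Category values of
// "Direct Agent" (MMA) and "Azure Monitor Agent" (AMA); adjust if your
// workspace reports other categories (e.g. SCOM-managed agents).
let lookback = 30d;      // how far back to look for any heartbeat at all
let stale    = 24h;      // a host with no heartbeat in this window is flagged
Heartbeat
| where TimeGenerated > ago(lookback)
| summarize LastHeartbeat = max(TimeGenerated),
            Agents        = make_set(Category)
          by Computer, _ResourceId
| extend HasAMA = set_has_element(Agents, "Azure Monitor Agent"),
         HasMMA = set_has_element(Agents, "Direct Agent")
| extend MigrationState = case(
    LastHeartbeat < ago(stale),   "NoRecentHeartbeat",  // silent host: check before removing MMA
    HasAMA and not(HasMMA),       "AMAOnly",            // migration complete
    HasAMA and HasMMA,            "DualAgent",          // both agents reporting; MMA can be removed
                                  "MMAOnly")            // still depends on the deprecated agent
| project Computer, _ResourceId, LastHeartbeat, MigrationState, Agents
| order by MigrationState asc, LastHeartbeat asc
```

Hosts in the "NoRecentHeartbeat" bucket should be checked before the MMA-based solutions are cleaned up, since a silent machine may simply have lost its workspace connection rather than having been migrated.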
- Agent Health: Deprecated.
- Change Tracking (Automation account)
- Update Management (Automation account)
- VM Insights (Legacy solution/ MMA)
- SQL Assessment (Legacy solution)
- SQL Vulnerability Assessment (Legacy solution)
- SQL Advanced Threat Protection (Legacy solution)
- PolicySetDefinition: Enable Azure Monitor for Virtual Machine Scale Sets / Legacy - Enable Azure Monitor for Virtual Machine Scale Sets
- PolicySetDefinition: Enable Azure Monitor for VMs / Legacy - Enable Azure Monitor for VMs
- User Assigned Managed Identity
  - Name: id-ama-prod--001
- Data collection rules
  - dcr-changetracking-prod--001
  - dcr-defendersql-prod--001
  - dcr-vminsights-prod--001
Policy Definition / Policy Initiative | Child Policy Definitions |
---|---|
Policy Initiative: Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines | Windows: 59efceea-0c96-497e-a4a1-4eb2290dac15; Linux: 59efceea-0c96-497e-a4a1-4eb2290dac15; Windows: bfea026e-043f-4ff4-9d1b-bf301ca7ff46; Linux: bfea026e-043f-4ff4-9d1b-bf301ca7ff46 |
Policy Definition: Do not allow deletion of specified resource and resource type | |
Policy Definition / Policy Initiative (Set Definition) | Name |
---|---|
Policy Initiative | Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA) |
Policy Initiative | Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) |
Policy Initiative | Enable Azure Monitor for Hybrid VMs with AMA |
Policy Initiative (Custom) | Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines |
Policy Initiative | Enable Change Tracking and Inventory for Arc-enabled virtual machines |
Policy Initiative | Enable Change Tracking and Inventory for virtual machines |
Policy Initiative | Enable ChangeTracking and Inventory for virtual machine scale sets |
Policy Initiative | Enable Defender for SQL on SQL VMs and Arc-enabled SQL Servers |
Policy Definition | Do not allow deletion of the User Assigned Managed Identity used by AMA |