Azure Automanage for Machines Best Practices - Linux
Caution
This article references CentOS, a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the CentOS End Of Life guidance.
These Azure services are automatically onboarded for you when you use Automanage Machine Best Practices Profiles on a Linux VM. They are essential to our best practices white paper, which you can find in our Cloud Adoption Framework.
For all of these services, we will auto-onboard, auto-configure, monitor for drift, and remediate if drift is detected. To learn more, go to Azure Automanage for virtual machines.
Supported Linux distributions and versions
Automanage supports the following Linux distributions and versions:
- CentOS 7.3+, 8
- RHEL 7.4+, 8
- Ubuntu 16.04, 18.04, 20.04
- SLES 12 (SP3-SP5 only), SLES 15
Participating services
Note
Microsoft Antimalware is not supported on Linux machines at this time.
| Service | Description | Configuration Profile Supported1 |
|---|---|---|
| Machines Insights Monitoring | Azure Monitor for machines monitors the performance and health of your virtual machines, including their running processes and dependencies on other resources. Learn more. | Production |
| Backup | Azure Backup provides independent and isolated backups to guard against unintended destruction of the data on your VMs. Learn more. Charges are based on the number and size of VMs being protected. Learn more. | Production |
| Microsoft Defender for Cloud | Microsoft Defender for Cloud is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud. Learn more. Automanage will configure the subscription where your VM resides to the free-tier offering of Microsoft Defender for Cloud (Enhanced security off). If your subscription is already onboarded to Microsoft Defender for Cloud, then Automanage will not reconfigure it. | Production, Dev/Test |
| Update Management | You can use Update Management in Azure Automation to manage operating system updates for your machines. You can quickly assess the status of available updates on all agent machines and manage the process of installing required updates for servers. Learn more. | Production, Dev/Test |
| Change Tracking & Inventory | Change Tracking and Inventory combines change tracking and inventory functions to allow you to track virtual machine and server infrastructure changes. The service supports change tracking across services, daemons software, registry, and files in your environment to help you diagnose unwanted changes and raise alerts. Inventory support allows you to query in-guest resources for visibility into installed applications and other configuration items. Learn more. | Production, Dev/Test |
| Machine configuration | Machine configuration is used to monitor the configuration and report on the compliance of the machine. The Automanage service will install the Azure Linux baseline using the guest configuration extension. For Linux machines, the machine configuration service will install the baseline in audit-only mode. You will be able to see where your VM is out of compliance with the baseline, but noncompliance won't be automatically remediated. Learn more. | Production, Dev/Test |
| Boot Diagnostics | Boot diagnostics is a debugging feature for Azure virtual machines (VM) that allows diagnosis of VM boot failures. Boot diagnostics enables a user to observe the state of their VM as it is booting up by collecting serial log information and screenshots. This will only be enabled for machines that are using managed disks. | Production, Dev/Test |
| Azure Automation Account | Azure Automation supports management throughout the lifecycle of your infrastructure and applications. Learn more. | Production, Dev/Test |
| Log Analytics Workspace | Azure Monitor stores log data in a Log Analytics workspace, which is an Azure resource and a container where data is collected, aggregated, and serves as an administrative boundary. Learn more. | Production, Dev/Test |
1 The configuration profile selection is available when you are enabling Automanage. Learn more. You can also create your own custom profile with the set of Azure services and settings that you need.
Next steps
Try enabling Automanage for machines in the Azure portal.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for