Manage extensions and use an Azure Resource Manager template to deploy the Log Analytics agent to Azure Arc Linux and Windows servers
This article provides guidance on how to manage extensions to Azure Arc-enabled servers. Virtual machine extensions are small applications that provide post-deployment configuration and automation tasks such as software installation, anti-virus protection, or a mechanism to run a custom script.
Azure Arc-enabled servers, enables you to deploy Azure VM extensions to non-Azure Windows and Linux VMs, giving you a hybrid or multicloud management experience that levels to Azure VMs.
You can use the Azure portal, Azure CLI, an Azure Resource Manager template (ARM template), PowerShell script or Azure policies to manage the extension deployment to Azure Arc-enabled servers, both Linux and Windows. In the following procedures, you'll use an ARM template to deploy the Log Analytics agent to your servers. This onboards them in Azure services that use this agent: Azure Monitor, Microsoft Defender for Cloud, Microsoft Sentinel, and so on.
Important
The procedures in this article assumes you've already deployed VMs, or servers that are running on-premises or on other clouds, and you have connected them to Azure Arc. If you haven't, the following information can help you automate this.
- GCP Ubuntu instance
- GCP Windows instance
- AWS Ubuntu EC2 instance
- AWS Amazon Linux 2 EC2 instance
- VMware vSphere Ubuntu VM
- VMware vSphere Windows Server VM
- Vagrant Ubuntu box
- Vagrant Windows box
Review the Azure Monitor supported OS documentation and ensure that the VMs you will use for this exercise are supported. For Linux VMs, check both the Linux distribution and kernel to ensure you are using a supported configuration.
Prerequisites
Clone the Azure Arc Jumpstart repository.
git clone https://github.com/microsoft/azure_arc.gitAs mentioned, this guide starts at the point where you already deployed and connected VMs or bare-metal servers to Azure Arc. For this scenario, we use a Google Cloud Platform (GCP) instance that has been already connected to Azure Arc and is visible as a resource in Azure. As shown in the following screenshots:


Install or update Azure CLI. Azure CLI should be running version 2.7 or later. Use
az --versionto check your current installed version.Create an Azure service principal.
To connect a VM or bare-metal server to Azure Arc, Azure service principal assigned with the Contributor role is required. To create it, sign in to your Azure account, and run the following command. You can also run this command in Azure Cloud Shell.
az login az ad sp create-for-rbac -n "<Unique SP Name>" --role contributorFor example:
az ad sp create-for-rbac -n "http://AzureArcServers" --role contributorOutput should look like this:
{ "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX", "displayName": "AzureArcServers", "name": "http://AzureArcServers", "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX", "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX" }Note
We highly recommend that you scope the service principal to a specific Azure subscription and resource group.
You will also need to have a Log Analytics workspace deployed. You can automate the deployment by editing the ARM template parameters file, and providing a name and location for your workspace.

To deploy the ARM template, navigate to the
../extensions/armdeployment folder and run the following command:az deployment group create --resource-group <Name of the Azure resource group> \ --template-file <The `log_analytics-template.json` template file location> \ --parameters <The `log_analytics-template.parameters.json` template file location>
Azure Arc-enabled servers Log Analytics agent extension deployment
Edit the extensions parameters file

To match your configuration you will need to provide:
The VM name as registered in Azure Arc.

The location of the resource group where you registered the Azure Arc-enabled server.

Information about the Log Analytics workspace you previously created (workspace ID and key). These parameters are used to configure the MMA agent. You can find this information by going to your Log Analytics workspace and under Settings, select Agents management.


Choose the ARM template that matches your operating system, either Windows or Linux, deploy the template by running the following command:
az deployment group create --resource-group <Name of the Azure resource group> \ --template-file <The `mma-template.json` template file location> \ --parameters <The `mma-template.parameters.json` template file location>After the template has completed its run, you should see an output similar to the following:

You will have the Log Analytics agent deployed on your Windows or Linux system and reporting to the Log Analytics workspace that you have selected. You can verify by going back to Agents Management in your workspace and choosing either Windows or Linux. You should see an additional connected VM.


Clean up your environment
Complete the following steps to clean up your environment.
Remove the virtual machines from each environment by following the teardown instructions from each guide.
Remove the Log Analytics workspace by executing the following command in Azure CLI. Provide the workspace name you used when creating the Log Analytics workspace.
az monitor log-analytics workspace delete --resource-group <Name of the Azure resource group> --workspace-name <Log Analytics Workspace Name> --yes