Loading...

Automation for Large Scale Deployment of Agents on Servers managed by Azure Arc

Automation for Large Scale Deployment of Agents on Servers managed by Azure Arc

There is a growing need for the deployment of tools or agents on on-premise servers in bulk. Its highly time consuming to manually deploy the agent in bulk.

 

Microsoft Azure uses Azure Arc for the agents/tools/application deployments and can be combined with Azure policy for large scale mass deployment. In the below usecase Log Analytics and Dependency agents pushed via the policy.

 

Agents can be deployed manually using Azure portal, though for large environment, it is recommended to push these agents via custom Azure Policy or using PowerShell automation scripting.

 

surao_0-1673434564816.jpeg

 

 

Deployment using Azure Policy

Below usecase helps deploying Log Analytics and Dependency agents using Azure policy.

There are 2 core functionalities of Azure policy that allows the automation

  • Creating Azure Policy Definition
  • Policy assignment & Remediation

Creating Azure Policy Definition

In order to push through Azure policy the first step is to define policy rule as below, for Arc the resource type is Microsoft.HybridCompute, For Linux we just need to change imageOffer to “linux*”.

 

"policyRule": {

      "if": {

        "allOf": [

          {

            "field": "type",

            "equals": "Microsoft.HybridCompute/machines"

          },

          {

            "field": "Microsoft.HybridCompute/imageOffer",

            "like": "windows*"

          }

If we want to deploy MMA only to certain Arc servers, then we can

add a tag to the machine, for example “loganalytics:true” and define

the below section in PolicyRule, then it will push MMA agent only to VMs where this tag is set as true.

{

 "field": "tags.loganalytics",

 "equals": "true"

 }

 surao_12-1673435122748.png

 

 

Define OMSagent for Linux & MMA for Windows.

 

surao_13-1673435214209.png

Policy Assignment and Remediation

After creating policy definition create policy assignment to define scope, resource exclusion against the assignment defined in the first step.

Next is to create remediation task with managed identity to auto remediate all non-compliant Arc Machine.

For Dependency Agent, the policy rule will remain same as defined for MMA, define imageOffer “windows*” for windows server & “Linux*” for Linux respectively. Existence condition will change based on the extension type.

 

surao_14-1673435251422.png

Define Parameter, Variables and resources as below:

 

surao_15-1673435282848.png

 

Deployment using Powershell Script

We can also deploy MMA/OMSAgent extensions to Arc servers via PowerShell command for all the servers aligned within same resource group.

In order to run the below command, put all the VMs, separated per line, in a text file and create a loop logic as below

$VMname=get-content "C:\list.txt"  

foreach($vm in $VMname){

$vm1 = Get-AzConnectedMachine -Name $vm -ResourceGroupName <RGNAME>

$Setting = @{ "workspaceId" = "workspaceId" }

$protectedSetting = @{ "workspaceKey" = "workspaceKey" }

New-AzConnectedMachineExtension -Name OMSLinuxAgent -ResourceGroupName "RGName" -MachineName $vm1.Name -Location "regionName" -Publisher "Microsoft.EnterpriseCloud.Monitoring" -Settings $Setting -ProtectedSetting $protectedSetting -ExtensionType "OmsAgentForLinux"

}

For windows change the value for the -ExtensionType parameter to "MicrosoftMonitoringAgent".

 

References

 

Azure Arc

Azure Arc helps client to bring their distributed workloads under single control planes using Azure Public Cloud. This will allow for direct enablement and integration with Microsoft Security tools and monitoring agents.

https://learn.microsoft.com/en-us/azure/azure-arc/servers/overview

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=ARMAgentPowerShell%2CPowerShellWindows%2CPowerShellWindowsArc%2CCLIWindows%2CCLIWindowsArc

Azure Policy

Azure policy helps assess organization compliance and overall environmental state. Azure policy allows to restrict usage of Azure resources based on compliance requirements.

https://learn.microsoft.com/en-us/azure/governance/policy/

https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/manage/hybrid/server/best-practices/arc-policies-mma

 

 

About Author

 

surao_0-1673434327250.png

Kritika Gupta

I am an experienced IT professional, focused on cloud technologies and DevOps. I specialize in Azure, Azure DevOps, Arc, AKS , PowerShell/CLI.

I am currently working at DXC Technology as an Azure Sr. Engineer in the Global India Azure Delivery Team. LinkedIn: "linkedin.com/in/kritika-gupta-609757b6"

Published on:

Learn more
Azure Arc Blog articles
Azure Arc Blog articles

Azure Arc Blog articles

Share post:

Related posts

SharePoint button web part: Add custom Copilot in SharePoint prompts or start Power Automate flows

The SharePoint Button web part will support launching custom Copilot prompts or Power Automate flows, enhancing productivity and automation. A...

10 hours ago

Power Automate: Add to Time Action

Shifts a timestamp by a whole number of time units. Negative values subtract; the result is text.

1 day ago

Building on Vercel’s eve + Azure Cosmos DB: An Agent That Remembers

Most “AI agent” demos forget everything the moment the process exits. That’s fine for a toy project, but useless for anythin...

1 day ago

The Best Way to Learn Power Apps, Power Automate & Microsoft Copilot in 2026

Looking for the best live training to master the Microsoft Power Platform? PowerApps911's live, Microsoft MVP-led courses are designed to help...

1 day ago

Power Automate: convertToUtc function

Converts a timestamp from a source time zone to UTC using Windows time zone names.

2 days ago

Copilot Studio – Environment-level agent telemetry export to Azure Application Insights (Preview)

We are announcing the ability for administrators to export Copilot Studio agent telemetry at the environment level to Azure Application Insigh...

2 days ago

See our new Azure Cosmos DB Design Patterns

Design patterns are where good data modeling lives or dies. In a NoSQL database like Azure Cosmos DB, the difference between a schema that sca...

2 days ago

Batch Operations and Throttling Mitigation in Power Automate

Bundle hundreds of SharePoint writes into a single $batch request to stop hitting throttling limits.

3 days ago

Need a different partition key in Azure Cosmos DB? Pick the right approach

Once you create a container, its partition key is fixed at creation, and you can’t change it in place. However, if your original key starts ca...

3 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy