Automation for Large Scale Deployment of Agents on Servers managed by Azure Arc
|
There is a growing need for the deployment of tools or agents on on-premise servers in bulk. Its highly time consuming to manually deploy the agent in bulk.
Microsoft Azure uses Azure Arc for the agents/tools/application deployments and can be combined with Azure policy for large scale mass deployment. In the below usecase Log Analytics and Dependency agents pushed via the policy.
Agents can be deployed manually using Azure portal, though for large environment, it is recommended to push these agents via custom Azure Policy or using PowerShell automation scripting.
|
|
Deployment using Azure Policy
Below usecase helps deploying Log Analytics and Dependency agents using Azure policy.
There are 2 core functionalities of Azure policy that allows the automation
- Creating Azure Policy Definition
- Policy assignment & Remediation
Creating Azure Policy Definition
In order to push through Azure policy the first step is to define policy rule as below, for Arc the resource type is Microsoft.HybridCompute, For Linux we just need to change imageOffer to “linux*”.
|
"policyRule": { "if": { "allOf": [ { "field": "type", "equals": "Microsoft.HybridCompute/machines" }, { "field": "Microsoft.HybridCompute/imageOffer", "like": "windows*" } If we want to deploy MMA only to certain Arc servers, then we can add a tag to the machine, for example “loganalytics:true” and define the below section in PolicyRule, then it will push MMA agent only to VMs where this tag is set as true. { "field": "tags.loganalytics", "equals": "true" } |
|
Define OMSagent for Linux & MMA for Windows.
Policy Assignment and Remediation
After creating policy definition create policy assignment to define scope, resource exclusion against the assignment defined in the first step.
Next is to create remediation task with managed identity to auto remediate all non-compliant Arc Machine.
For Dependency Agent, the policy rule will remain same as defined for MMA, define imageOffer “windows*” for windows server & “Linux*” for Linux respectively. Existence condition will change based on the extension type.
Define Parameter, Variables and resources as below:
Deployment using Powershell Script
We can also deploy MMA/OMSAgent extensions to Arc servers via PowerShell command for all the servers aligned within same resource group.
In order to run the below command, put all the VMs, separated per line, in a text file and create a loop logic as below
$VMname=get-content "C:\list.txt"
foreach($vm in $VMname){
$vm1 = Get-AzConnectedMachine -Name $vm -ResourceGroupName <RGNAME>
$Setting = @{ "workspaceId" = "workspaceId" }
$protectedSetting = @{ "workspaceKey" = "workspaceKey" }
New-AzConnectedMachineExtension -Name OMSLinuxAgent -ResourceGroupName "RGName" -MachineName $vm1.Name -Location "regionName" -Publisher "Microsoft.EnterpriseCloud.Monitoring" -Settings $Setting -ProtectedSetting $protectedSetting -ExtensionType "OmsAgentForLinux"
}
For windows change the value for the -ExtensionType parameter to "MicrosoftMonitoringAgent".
References
Azure Arc
Azure Arc helps client to bring their distributed workloads under single control planes using Azure Public Cloud. This will allow for direct enablement and integration with Microsoft Security tools and monitoring agents.
https://learn.microsoft.com/en-us/azure/azure-arc/servers/overview
Azure Policy
Azure policy helps assess organization compliance and overall environmental state. Azure policy allows to restrict usage of Azure resources based on compliance requirements.
https://learn.microsoft.com/en-us/azure/governance/policy/
About Author
Kritika Gupta
I am an experienced IT professional, focused on cloud technologies and DevOps. I specialize in Azure, Azure DevOps, Arc, AKS , PowerShell/CLI.
I am currently working at DXC Technology as an Azure Sr. Engineer in the Global India Azure Delivery Team. LinkedIn: "linkedin.com/in/kritika-gupta-609757b6"
Published on:
Learn moreRelated posts
Extending Power Automate Run History Beyond 28 Days Using Cloud Flow Run Metadata
Power Automate has become the backbone for many business processes, integrations, and automation scenarios across the Power Platform ecosystem...
Fundamentals of Azure DevOps with SQL projects
Building automated pipelines with your SQL database projects enables you to build a rich CI/CD ecosystem to ensure that your application is be...
Power Automate – Restore accidentally deleted flows
We are announcing the ability to restore accidentally deleted flows in Power Automate. This feature will reach general availability on July 30...
Power Automate – Review Firewall Configuration for Upcoming Platform Infrastructure Updates
We identified that one or more flows in your environment may be affected by existing firewall or IP allow list configurations. What action do ...
Power Automate – Export work queue items to CSV
We are announcing the ability to export work queue items to CSV in Power Automate. This feature will reach general availability on July 31, 20...
Power Automate – UI automation repair agent
We are announcing the UI automation repair agent in Power Automate. This feature will reach public preview on July 16, 2026. How does this aff...
Power Automate – View machine and flow utilization in dashboards
We are announcing the ability to view machine and flow utilization in dashboards in Power Automate. This feature will reach general availabili...
Power Automate – Build better forms with integrated Power Apps
We are announcing the ability to launch interactive Power Apps directly from desktop flows within Power Automate. This feature will reach gene...
Upcoming Change: NTLM Removal in Git (libcurl) – Impact to Azure DevOps Server Customers
Overview In September 2026, NTLM support will be removed from libcurl, which is used by Git for HTTP(S) operations. As a result, Git operation...
What’s new across Microsoft SQL in 2026 so far (SQL Server, Azure SQL, and SQL database in Fabric)
We’re halfway through 2026, and Microsoft SQL has not slowed down. Since SQLCon/FabCon in March (where we released a ton of things, and those ...