Azure Monitor Agent Migration for Azure Arc-Enabled Server

Pratheep Sinnathurai
May 9, 2024

As a lot of us know, the Log Analytics Agent is on a deprecation path. In my LAB Environment I have a lot of Azure Arc-Enabled Servers. I took some time to migrate from Log Analytics Agent to Azure Monitor Agent in my LAB Environment and wrote this blog post to share my experience and to show where I faced some Issues.

AMA Migration Helper Workbook

Use the AMA Migration Helper Workbook to identify which Servers are still using the old Microsoft Monitor Agent.

Open the following Link in a Browser Session with your Azure Admin.

In my Case I still have some servers which are either using Both Agents or Microsoft Monitor Agent only.

Data Collection Rules

To define which Data you are collecting with Azure Monitor Agent we use the Data Collection Rules.

In comparison, the Microsoft Monitor Agent inherits this information from the Log Analytics Workspace.

You can use the DCR Config Generator from Microsoft to convert the Log Analytics configuration to a Data Collection Rule.

To use the DCR Config Generator from Microsoft we need to set up the PowerShell Environment first.

PowerShell Version

Make sure you are using PowerShell Version 7.1.3 or higher. You can use the following command for it.

$PSVersionTable

PowerShell Modules

We need the following PowerShell Modules:

  1. Az.OperationalInsights
  2. Az.Accounts
  3. Az.Resources

Azure Permission

Your Azure Administrator Account needs to be at least Log Analytics Reader.

DCR Config Generator

The DCR Config Generator Script from Microsoft can be found here: AzureMonitorCommunity/Azure Services/Azure Monitor/Agents/Migration Tools/DCR Config Generator/WorkspaceConfigToDCRMigrationTool.ps1 at master · microsoft/AzureMonitorCommunity (github.com)

Save this Script on your local Computer.

Identify Log Analytics Workspaces with Microsoft Monitor Agent

You can run the following PowerShell Script to identify which Log Analytics Workspaces are still using the Microsoft Monitor Agent.

We will save the affected Workspaces for the next Step to create the Data Collection Rule.

# Login to Azure
Connect-AzAccount

# Get all Log Analytics workspaces
$workspaces = Get-AzOperationalInsightsWorkspace | Select-Object Name, ResourceId, CustomerId

# Initialize query: latest heartbeat per Windows machine that was not sent by the Azure Monitor Agent
$query = @"
Heartbeat
| where OSType == 'Windows'
| where Category != 'Azure Monitor Agent'
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| sort by Computer
"@

$affectedWorkspaces = @()
$affectedComputers = @()

# Run the query for each workspace
foreach ($workspace in $workspaces) {
    $result = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspace.CustomerId -Query $query

    # Results is a collection of row objects; materialize it once to count and iterate
    $rows = @($result.Results)

    if ($rows.Count -gt 0) {
        Write-Output "The Workspace $($workspace.Name) is using the Log Analytics Agent."
        foreach ($row in $rows) {
            $computer = @{
                Name              = $row.Resource
                ResourceGroupName = $row.ResourceGroup
            }
            $affectedComputers += $computer
        }

        $affectedWorkspaces += $workspace
    }
    else {
        Write-Output "The Workspace $($workspace.Name) has no Log Analytics Agent associated."
    }
}

Create Data Collection Rules

In the next Step we will create an ARM Template for each Log Analytics Workspace which still has a Microsoft Monitor Agent associated.

$outputFolder = ".\DCR"

foreach ($workspace in $affectedWorkspaces) {
    $SubscriptionId = $workspace.ResourceId.Split("/")[2]
    $ResourceGroupName = $workspace.ResourceId.Split("/")[4]
    $WorkspaceName = $workspace.Name
    $DCRName = $WorkspaceName + "-DCR"
    .\Scripts\WorkspaceConfigToDCRMigrationTool.ps1 -SubscriptionId $SubscriptionId -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName -DcrName $DCRName -OutputFolder $outputFolder
}

Decompile ARM Template into Bicep

After we have the ARM Template we can easily decompile the ARM Template into a Bicep file. We only need the Bicep Extension in Visual Studio Code.

Right Click on the ARM Template and click on “Decompile into Bicep”

Create the Data Collection Rule using Bicep

We can now use the Bicep File to create the Data Collection Rule using PowerShell.

$resourceGroupName = 'rg-monitoring-mgt-prd-szn-01'
New-AzResourceGroupDeployment -TemplateFile .\dcr\extensions_dcr_arm_template.bicep -ResourceGroupName $resourceGroupName

After we run the PowerShell Command we have the Data Collection Rule ready.

Create Data Collection Rule Association

The next step is to create a Bicep Resource for the Data Collection Rule Association. In this step we associate our Azure Arc-Enabled Servers with the previously created Data Collection Rule.

… But there is currently an Issue with the Location in the Data Collection Rule Association.

There is a GitHub Issue for this Case:

Location issue with creating data collection rule via bicep prevents log analytics workspace association · Issue #9566 · Azure/bicep (github.com)

For this reason we will use PowerShell instead of Bicep ( :/ ) for the further deployment.

We can use the following PowerShell Script to add all our Azure Arc Enabled Servers to the Data Collection Rule.

Change the Variables dataCollectionRuleName and resourceGroupNameDCR based on the previously used Bicep File.

# Install required modules
Install-Module -Name Az.Monitor
Import-Module Az.Monitor

Install-Module -Name Az.ConnectedMachine
Import-Module Az.ConnectedMachine

# Specify the data collection rule name and resource group name
$dataCollectionRuleName = 'log-monitoring-mgt-prd-szn-01-DCR'
$resourceGroupNameDCR = 'rg-monitoring-mgt-prd-szn-01'

# Get the data collection rule
$dataCollectionRule = Get-AzDataCollectionRule -ResourceGroupName $resourceGroupNameDCR -Name $dataCollectionRuleName

# Iterate over affected computers
foreach ($computer in $affectedComputers) {
    $associationName = $computer.Name + "-DCRA"
    $hybridMachine = Get-AzConnectedMachine -Name $computer.Name -ResourceGroupName $computer.ResourceGroupName -ErrorAction SilentlyContinue

    if ($null -ne $hybridMachine) {
        # Looks up associations on the machine itself, so an association
        # with a different Data Collection Rule also counts as "exists"
        $association = Get-AzDataCollectionRuleAssociation -ResourceUri $hybridMachine.Id -ErrorAction SilentlyContinue
        if ($null -eq $association) {
            New-AzDataCollectionRuleAssociation -DataCollectionRuleId $dataCollectionRule.Id -Name $associationName -ResourceUri $hybridMachine.Id
        }
        else {
            Write-Output "The association $($associationName) already exists."
        }
    }
    else {
        Write-Output "The Hybrid Machine $($computer.Name) was not found."
    }
}

Migrate to the Azure Monitor Agent

As the last step we need to uninstall the Log Analytics Agent and install the Azure Monitor Agent. I have used the following script in my Environment.

foreach ($computer in $affectedComputers) {
    # List the extensions currently installed on the Arc-enabled server
    $extensions = Get-AzConnectedMachineExtension `
        -ResourceGroupName $computer.ResourceGroupName `
        -MachineName $computer.Name `
        -ErrorAction SilentlyContinue

    $mmaExtension = $null
    $amaExtension = $null

    foreach ($extension in $extensions) {
        if ($extension.Name -eq 'MicrosoftMonitoringAgent') { $mmaExtension = $extension }
        if ($extension.Name -eq 'AzureMonitorWindowsAgent') { $amaExtension = $extension }
    }

    # Remove the legacy agent extension if it is present
    if ($null -ne $mmaExtension) {
        Write-Output "The MMA agent is already installed on the Hybrid Machine $($computer.Name)."
        Remove-AzConnectedMachineExtension `
            -ResourceGroupName $computer.ResourceGroupName `
            -MachineName $computer.Name `
            -Name 'MicrosoftMonitoringAgent'
    }
    else {
        Write-Output "The MMA agent is not installed on the Hybrid Machine $($computer.Name)."
    }

    # Install the Azure Monitor Agent extension if it is missing
    if ($null -ne $amaExtension) {
        Write-Output "The AMA agent is already installed on the Hybrid Machine $($computer.Name)."
    }
    else {
        Write-Output "The AMA agent is not installed on the Hybrid Machine $($computer.Name)."
        New-AzConnectedMachineExtension `
            -ResourceGroupName $computer.ResourceGroupName `
            -MachineName $computer.Name `
            -ExtensionType 'AzureMonitorWindowsAgent' `
            -Publisher 'Microsoft.Azure.Monitor' `
            -Name 'AzureMonitorWindowsAgent' `
            -Location (Get-AzConnectedMachine -ResourceGroupName $computer.ResourceGroupName -Name $computer.Name).Location
    }
}

I still had some cases where I needed to check the Servers manually. These cases were:

  • Azure Arc-Enabled Servers which were already deleted
  • Azure Arc-Enabled Servers which were not using Microsoft Monitor Agent

In those Cases I just uninstalled the Log Analytics Agent manually and installed the Azure Monitor Agent.

Checking my LAB

This is my LAB Environment before the Migration.

This is my LAB Environment after the Migration.

Checking my Insights on my Azure Arc Enabled Servers, they were up-to-date.

I have some Legacy Solutions left in my LAB. Here I am still checking if I can delete those.

Comparing the Heartbeats on the Log Analytics Workspace I still see one server which communicates using the Log Analytics Agent even though the extension is not installed anymore.

Azure Monitor Agent:

Log Analytics Agent:

It looks like the Monitor Agent is still installed and still communicates. I have uninstalled it manually.
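The heartbeat comparison above can also be scripted. The following PowerShell is an added example, not part of the original post: it groups Heartbeat rows by computer and flags machines that still report through the legacy agent, through both agents, or not at all. The function name Get-AgentMigrationState, the computer names and the sample rows are constructed for illustration.

```powershell
# Added example. Input rows need Computer, Category and LastSeen, for instance from:
#   Heartbeat | where TimeGenerated > ago(1h)
#   | summarize LastSeen = max(TimeGenerated) by Computer, Category
function Get-AgentMigrationState {
    param(
        [Parameter(Mandatory)] [object[]] $HeartbeatRows,
        # Assumption: names match the Heartbeat "Computer" value (which may be an FQDN).
        [string[]] $ExpectedComputers = @()
    )
    $seen = @{}   # hashtable literal, so keys compare case-insensitively
    foreach ($group in ($HeartbeatRows | Group-Object -Property Computer)) {
        $seen[$group.Name] = $true
        $categories = @($group.Group | ForEach-Object { $_.Category } | Sort-Object -Unique)
        $hasAma     = $categories -contains 'Azure Monitor Agent'
        # Same rule as the query in the post: any other Category counts as legacy.
        $hasLegacy  = @($categories | Where-Object { $_ -ne 'Azure Monitor Agent' }).Count -gt 0
        $state = if ($hasAma -and $hasLegacy) { 'Both' }
                 elseif ($hasLegacy)          { 'LegacyOnly' }
                 else                         { 'AmaOnly' }
        [pscustomobject]@{
            Computer   = $group.Name
            State      = $state
            Categories = $categories -join ', '
            LastSeen   = $group.Group | ForEach-Object { $_.LastSeen } | Sort-Object | Select-Object -Last 1
        }
    }
    # Migrated machines without any heartbeat: a monitoring gap, not a finished migration.
    foreach ($name in $ExpectedComputers) {
        if (-not $seen.ContainsKey($name)) {
            [pscustomobject]@{ Computer = $name; State = 'Silent'; Categories = ''; LastSeen = $null }
        }
    }
}

# Constructed sample rows (not real data).
$sampleRows = @(
    [pscustomobject]@{ Computer = 'srv-arc-01'; Category = 'Azure Monitor Agent'; LastSeen = [datetime]'2024-05-09T10:00:00' }
    [pscustomobject]@{ Computer = 'srv-arc-02'; Category = 'Azure Monitor Agent'; LastSeen = [datetime]'2024-05-09T10:01:00' }
    [pscustomobject]@{ Computer = 'srv-arc-02'; Category = 'Direct Agent';        LastSeen = [datetime]'2024-05-09T10:02:00' }
    [pscustomobject]@{ Computer = 'srv-arc-03'; Category = 'Direct Agent';        LastSeen = [datetime]'2024-05-09T09:58:00' }
)

# Show everything that still needs attention after the migration.
Get-AgentMigrationState -HeartbeatRows $sampleRows `
    -ExpectedComputers 'srv-arc-01', 'srv-arc-02', 'srv-arc-03', 'srv-arc-04' |
    Where-Object State -ne 'AmaOnly' | Format-Table -AutoSize
```

With the sample rows, srv-arc-02 is reported as Both, srv-arc-03 as LegacyOnly and srv-arc-04 as Silent.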

My Learnings

  • The Migration should be done using Automation Tools. Unfortunately it is not possible with Bicep. I recommend the Migration using PowerShell.
  • Automation is cool but in my Case I also did some manual Tasks and checked the Heartbeat on the Log Analytics Workspace.

Pratheep Sinnathurai

Senior Azure Engineer and Microsoft MVP in Azure Hybrid & Migration