Hello,
We currently have a conflict with SCOM 2019, which uses a specific version of MMA, and Azure Auto-provisioning, which pushes an updated version. Microsoft's recommendation is to disable Auto-provisioning to those resources, but after much back-and-forth with Microsoft support, they don't seem to have any idea how to do just that, so I turn to the community.
The source of the auto-provisioning is Log Analytics. This can be found in Microsoft Defender for Cloud -> Environment Settings -> at the subscription level, under Cloud Workload Protection -> Servers -> Settings. Having Log Analytics Agent enabled turns on auto-provisioning for Log Analytics for all resources in that subscription; this causes MMA to be installed and updated automatically.
We don't want to turn off this feature because this works great for our 100s of other resources, but for two specific cases, it needs to be turned off, and we can't figure out how.
When you enable monitoring, a policy is created, which checks, among other things, that MMA is installed and updated, but it is set to "AuditIfNotExists", nothing more. We tried adding the resource as an exemption to this policy, but it didn't do anything.
We're trying to find the mechanism by which Azure Auto-Provisioning for Log Analytics works, and how to add an exemption for two specific machines as it would already be mitigated.
Thank you for your time!