John Sebastian, thank you for bringing this question here. I can understand the confusion that the various agents available in Azure can cause. I am going to give a brief overview of the various agents mentioned above and will proceed with the answers to your questions later in this post. I hope that it helps you.
Before I begin, I would like to clarify the difference between an agent and an extension:
Agent - It is a lightweight, always-running application (mostly run as a service/daemon) which collects some information from the machine and delivers it somewhere, or maintains the state of the machine itself, conforming to some configuration.
Extension - In Azure, extensions provide post-deployment configuration and automation tasks on Azure VMs. The extensions can be part of the VM definition itself, hence, can be used to deploy something as part of host resource deployment itself. In the case of Azure Monitor, there are extensions which deploy the monitoring agent as part of VM/VMSS deployment. This eases the overall post-deployment step required to enable monitoring on VMs as well as provides a centralized way to manage these agents installed on them.
Thus, the agents available on a VM are not always related to "Azure Monitor". There could be other agents installed on the VM to perform specific tasks.
The overview of agents mentioned in the question is available below:
AzureMonitoringWindowsAgent - This is the newer and recommended Azure Monitor Agent (AMA) extension for a VM. It is available for Windows VMs under the name AzureMonitoringWindowsAgent. Similarly, AzureMonitorLinuxAgent is the extension name for AMA on Linux VMs. Based on the question, I see that you deployed them recently.
MMAExtension - This is the name of the extension which installs the legacy agent on a Windows VM. The agent itself is called the Log Analytics Agent or LA Agent, also called "Microsoft Monitoring Agent" or MMA. For Linux VMs, this extension installs an agent package called OMSAgentforLinux.
DependencyAgentWindows - Collects discovered data about processes running on the virtual machine and external process dependencies, which are used by the Map feature in VM insights. The Dependency agent relies on the Azure Monitor agent or Log Analytics agent to deliver its data to Azure Monitor. The data collected by this agent is used for VM insights.
The extensions and agents discussed above are all related to "Azure Monitor". Please see this link for other (legacy) agents available in Azure Monitor.
There are other extensions/agents available which perform other specialized tasks:
MDE.Windows - This is an agent for "Microsoft Defender for Endpoint". This forms part of the security ecosystem (and not monitoring).
In light of the information provided above, please find below the answers to your questions:
- What is the actual Microsoft recommended Monitoring Solution for Azure VMs (Windows and Linux)? Is it the Azure Monitoring Agent?
  Yes, Azure Monitor agent is the latest agent which is recommended to be used for VMs.
- From the above listed agent names, which ones are the Log Analytics agents? I suspect that these log analytics agents are collecting duplicated data that the Azure. I can't tell from the agent names which ones are actually Log Analytics Agents. I want to remove them.
  For Windows VMs, Log Analytics Agents are known by many names - Log Analytics Agent, Microsoft Monitoring Agent (MMA) - mainly because of the legacy from the on-prem SCOM world. For Linux VMs, it is named OMSAgentForLinux or available as MMA Extension.
- What is the MDE.Windows agent and do I need it? Does it duplicate what is collected with the Azure Monitoring Agent or does it collect completely different information? It appears to be tied to Defender.
  You are right, it is related to Microsoft Defender and is for threat detection and prevention. It does not capture data similar to that of the Azure Monitor related agents (for LA and AMA).
- What is the MicrosoftMonitoringAgent and how is it different from the AzureMonitoringWindowsAgent? Is it also collecting duplicated data that the AzureMonitoringWindowsAgent is collecting?
  MicrosoftMonitoringAgent is the legacy Log Analytics Agent, whereas the AzureMonitoringWindowsAgent is the new Azure Monitor Agent. For more details, see Virtual machine extension details for AMA. Yes, they collect similar data from the VM and send it to the Log Analytics Workspace. You may remove MicrosoftMonitoringAgent from the VM in favor of AzureMonitoringWindowsAgent.
- What is the DependencyAgentWindows? Is this also collecting duplicated data?
  It collects discovered data about processes running on the virtual machine and external process dependencies, which are used by the Map feature in VM insights. The Dependency agent relies on the Azure Monitor agent or Log Analytics agent to deliver its data to Azure Monitor. The data collected by this agent is used for VM insights. It does not collect data similar to AMA or MMA.
I hope the explanation above helps clarify the understanding of these various components. Please let us know if you have any questions.
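An added example, not part of the original answer: a small audit that applies the overlap rules described above to an extension inventory, flagging VMs where the legacy Log Analytics agent runs alongside AMA and VMs where the Dependency agent has no agent to deliver its data. The extension names are the ones written in the answer; the VM names and the `{"vm", "name"}` record shape are constructed for illustration.

```python
from collections import defaultdict

# Extension names exactly as written in the answer above (compared case-insensitively).
ROLES = {
    "azuremonitoringwindowsagent": "ama",
    "azuremonitorlinuxagent": "ama",
    "mmaextension": "legacy",
    "microsoftmonitoringagent": "legacy",
    "omsagentforlinux": "legacy",
    "dependencyagentwindows": "dependency",
    "mde.windows": "defender",  # security agent, never counted as duplicate monitoring
}

def audit(extensions):
    """Return {vm: [finding, ...]} for a flat list of {"vm", "name"} records."""
    per_vm = defaultdict(lambda: defaultdict(list))
    for ext in extensions:
        role = ROLES.get(ext["name"].lower(), "unknown")
        per_vm[ext["vm"]][role].append(ext["name"])
    findings = {}
    for vm, roles in per_vm.items():
        notes = []
        if roles["ama"] and roles["legacy"]:
            notes.append("duplicate collection, legacy agent removable: "
                         + ", ".join(sorted(roles["legacy"])))
        elif roles["legacy"]:
            notes.append("legacy Log Analytics agent only, AMA is the recommended agent")
        if roles["dependency"] and not (roles["ama"] or roles["legacy"]):
            notes.append("Dependency agent has no AMA/Log Analytics agent to deliver its data")
        if roles["unknown"]:
            notes.append("unclassified: " + ", ".join(sorted(roles["unknown"])))
        findings[vm] = notes
    return findings

# Constructed inventory (hypothetical VM names and record shape).
SAMPLE = [
    {"vm": "vm-web01", "name": "AzureMonitoringWindowsAgent"},
    {"vm": "vm-web01", "name": "MicrosoftMonitoringAgent"},
    {"vm": "vm-web01", "name": "DependencyAgentWindows"},
    {"vm": "vm-web01", "name": "MDE.Windows"},
    {"vm": "vm-db01", "name": "DependencyAgentWindows"},
    {"vm": "vm-db01", "name": "MDE.Windows"},
    {"vm": "vm-lin01", "name": "OMSAgentForLinux"},
    {"vm": "vm-lin02", "name": "AzureMonitorLinuxAgent"},
]

if __name__ == "__main__":
    for vm, notes in audit(SAMPLE).items():
        print(vm, notes or ["ok"])
```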