
Enable Azure Change Tracking and Inventory at scale for Azure VMs by using Azure Policy

Applies to: ✔️ Windows VMs ✔️ Linux VMs ✔️ Windows Registry ✔️ Windows Files ✔️ Linux Files ✔️ Windows Software

This article provides detailed procedures on how to enable Azure Change Tracking and Inventory at scale by using Azure Policy.

Prerequisite

Before you enable Change Tracking and Inventory, ensure that you create a data collection rule (DCR) or use an existing one.

Enable Azure Change Tracking and Inventory at scale

By using the deploy-if-not-exists (DINE) policy, you can enable Change Tracking with the Azure Monitor Agent at scale and in the most efficient manner.

  1. Sign in to the Azure portal and select Change Tracking and Inventory.

    Screenshot that shows selecting Change Tracking and Inventory in the Azure portal.

  2. On the Change Tracking and Inventory Center | Machines pane, under Manage, select Policy.

    Screenshot that shows selecting Policy in the Azure portal.

  3. On the Change Tracking and Inventory Center | Policy pane, under the filter Definition Type, select Initiative. In the Category filter, select Change Tracking and Inventory to see three policies:

    • Azure Arc-enabled virtual machines

      • Select Enable ChangeTracking and Inventory for Arc-enabled virtual machines.

        Screenshot that shows selecting Azure Arc-enabled virtual machines.

    • Azure Virtual Machine Scale Sets

      • Select Enable ChangeTracking and Inventory for virtual machine scale sets.

        Screenshot that shows selecting Virtual Machine Scale Sets.

    • Virtual machines

      • Select Enable ChangeTracking and Inventory for virtual machines.

        Screenshot that shows selecting virtual machines.

  4. Select Enable ChangeTracking and Inventory for virtual machines to enable Change Tracking on Azure VMs. This step includes three policies. Each policy is determined by the operating system type of the selected machine:

    • Assign Built-In User-Assigned Managed Identity to Virtual Machines

    • Configure ChangeTracking extension for Windows virtual machines

    • Configure ChangeTracking extension for Linux virtual machines

      Screenshot that shows selecting three policies.

  5. Select Assign initiative to assign the policy to a resource group. An example policy is Assign Built-In User-Assigned Managed Identity to Virtual Machines.

    Note

    The resource group contains VMs. When you assign the policy to a resource group, Change Tracking is enabled at scale for that resource group. The VMs that are onboarded to the same resource group automatically have Change Tracking enabled.

  6. On the Enable ChangeTracking and Inventory for virtual machines pane, enter the following options:

    1. On the Basics tab, you can define the scope. Select the ellipsis to configure a scope.
    2. On the Scope pane, enter Subscription and Resource Group values.
    3. On the Parameters tab, select the option in Bring Your Own User-Assigned Managed Identity.
    4. Enter the Data Collection Rule Resource Id value. Learn more about how to obtain the data collection rule resource ID after you create the data collection rule.
    5. Select Review + create.
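The portal steps above can also be scripted with the Azure CLI so that the assignment is repeatable and reviewable. This is an added example, not part of the original article; the assignment name `ct-inventory-vms`, the display-name lookup, and the initiative parameter name `dcrResourceId` are assumptions to confirm against the initiative's parameters in your tenant.

```shell
# Added example (not from the original article): CLI form of steps 3 to 6.
# Assumed names: ASSIGNMENT_NAME, DCR_PARAM and the display-name match.
ASSIGNMENT_NAME="ct-inventory-vms"
DCR_PARAM="${DCR_PARAM:-dcrResourceId}"  # assumed; check the initiative's parameters
INITIATIVE_DISPLAY="Enable ChangeTracking and Inventory for virtual machines"

# Step 6.4: accept only a full ARM resource ID of a data collection rule.
# ARM IDs are case-insensitive, hence grep -i.
is_dcr_resource_id() {
  printf '%s\n' "$1" | grep -Eiq \
    '^/subscriptions/[0-9a-f-]{36}/resourceGroups/[^/]+/providers/Microsoft\.Insights/dataCollectionRules/[^/]+$'
}

# Usage: assign_change_tracking <subscription-id> <resource-group> <dcr-resource-id> <location>
assign_change_tracking() {
  ct_scope="/subscriptions/$1/resourceGroups/$2"
  ct_dcr="$3"
  ct_location="$4"
  if ! is_dcr_resource_id "$ct_dcr"; then
    echo "not a data collection rule resource ID: $ct_dcr" >&2
    return 2
  fi
  # Steps 3 and 4: resolve the initiative by the display name shown in the portal.
  ct_initiative=$(az policy set-definition list \
    --query "[?contains(displayName, '$INITIATIVE_DISPLAY')].id | [0]" -o tsv) || return 3
  [ -n "$ct_initiative" ] || { echo "initiative not found" >&2; return 3; }
  # Steps 5 and 6: assign at resource-group scope. DINE policies remediate through
  # the assignment's managed identity; grant it only the roles the policy
  # definitions require (role assignment is not done here).
  az policy assignment create \
    --name "$ASSIGNMENT_NAME" \
    --scope "$ct_scope" \
    --policy-set-definition "$ct_initiative" \
    --mi-system-assigned --location "$ct_location" \
    --params "{\"$DCR_PARAM\": {\"value\": \"$ct_dcr\"}}"
}
```

Source the file and call `assign_change_tracking` with your subscription ID, resource group, DCR resource ID, and a location for the assignment's managed identity.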