Redaguoti

Bendrinti naudojant


Migration guidance from Change Tracking and inventory using Log Analytics to Change Tracking and inventory using Azure Monitoring Agent version

Applies to: ✔️ Windows VMs ✔️ Linux VMs ✔️ Azure Arc-enabled servers.

This article provides guidance to move from Change Tracking and Inventory using Log Analytics (LA) version to the Azure Monitoring Agent (AMA) version.

Using the Azure portal, you can migrate from Change Tracking & Inventory with LA agent to Change Tracking & Inventory with AMA and there are two ways to do this migration:

  • Migrate single/multiple VMs from the Virtual Machines page.
  • Migrate multiples VMs on LA version solution within a particular Automation Account.

Note

File Integrity Monitoring (FIM) using Microsoft Defender for Endpoint (MDE) is now currently available. Follow the guidance to migrate from:

Onboarding to Change tracking and inventory using Azure Monitoring Agent

To onboard through Azure portal, follow these steps:

  1. Sign in to the Azure portal and select your virtual machine

  2. Under Operations , select Change tracking.

  3. Select Configure with AMA and in the Configure with Azure monitor agent, provide the Log analytics workspace and select Migrate to initiate the deployment.

    Screenshot of onboarding a single VM to Change tracking and inventory using Azure monitoring agent.

  4. Select Switch to CT&I with AMA to evaluate the incoming events and logs across LA agent and AMA version.

    Screenshot that shows switching between log analytics and Azure Monitoring Agent after a successful migration.

Compare data across Log analytics Agent and Azure Monitoring Agent version

After you complete the onboarding to Change tracking with AMA version, select Switch to CT with AMA on the landing page to switch across the two versions and compare the following events.

Screenshot of data comparison from log analytics to Azure monitoring agent.

For example, if the onboarding to AMA version of service takes place after 3rd November at 6:00 a.m. You can compare the data by keeping consistent filters across parameters like Change Types, Time Range. You can compare incoming logs in Changes section and in the graphical section to be assured on data consistency.

Note

You must compare for the incoming data and logs after the onboarding to AMA version is done.

Obtain Log Analytics Workspace Resource ID

To obtain the Log Analytics Workspace resource ID, follow these steps:

  1. Sign in to Azure portal

  2. In Log Analytics Workspace, select the specific workspace and select Json View.

  3. Copy the Resource ID.

    Screenshot that shows the log analytics workspace ID.

Limitations

For single VM and Automation Account

  1. 100 VMs per Automation Account can be migrated in one instance.
  2. Any VM with > 100 file/registry settings for migration via portal isn't supported now.
  3. Arc VM migration isn't supported with portal, we recommend that you use PowerShell script migration.
  4. For File Content changes-based settings, you have to migrate manually from LA version to AMA version of Change Tracking & Inventory. Follow the guidance listed in Track file contents.
  5. Alerts that you configure using the Log Analytics Workspace must be manually configured.

Disable Change tracking using Log Analytics Agent

After you enable management of your virtual machines using Change Tracking and Inventory using Azure Monitoring Agent, you might decide to stop using Change Tracking & Inventory with LA agent version and remove the configuration from the account.

The disable method incorporates the following:

Next steps