The Azure Monitor Agent (AMA) is a unified data collection agent that replaces legacy agents by gathering monitoring data, such as performance counters and logs, from Azure and hybrid virtual machines. It uses Data Collection Rules (DCRs) to define data sources, transformations, and destinations, allowing for flexible, centralized management of data sent to Azure Monitor for analysis in tools like Microsoft Sentinel and Microsoft Defender for Cloud.
Key Functions and Purpose
Data Collection:
AMA collects operating system data like performance metrics and logs from Windows and Linux machines.
Unified Platform:
It consolidates the data collection capabilities of previous agents, including the Log Analytics agent (MMA) and the Telegraf agent, into a single agent.
Data Delivery:
The data collected by AMA is sent to Azure Monitor, where it can be used by various services.
Hybrid Environments:
The agent supports VMs running in Azure, other clouds, and on-premises, provided it has access to the machine's local data.
How it Works
1. Installation:
The agent is installed on virtual machines; installation can be done by deploying a Data Collection Rule (DCR) associated with the VM.
2. Data Collection Rules (DCRs):
DCRs are Azure resources that define the data types to be collected, any required transformations, and the specific Azure Monitor data store (like a Log Analytics workspace) where the data should be sent.
3. Data Transmission:
AMA collects data as defined by the assigned DCRs and transmits it to the specified destination within Azure Monitor.
Benefits
Simplified Management: Using DCRs provides a centralized and flexible way to manage data collection policies.
Enhanced Security & Performance: AMA offers improved security and performance capabilities compared to the legacy agents it replaces.
Cost-Effective: More efficient data collection contributes to cost savings.
Environments supported
The Azure Monitor Agent can be used to monitor a variety of environments, including:
Azure VMs: Virtual machines running within the Azure cloud.
Hybrid machines: Servers and VMs located on-premises or in other cloud providers. These machines must have the Azure Arc-enabled servers agent installed first.
Key benefits of the Azure Monitor Agent
Hybrid and multi-cloud visibility: It allows organizations to consolidate monitoring efforts and gain a single, comprehensive view across Azure resources and on-premises or other cloud environments.
Enhanced security: The agent adheres to security best practices by using managed identity authentication and supporting encryption for data both in transit and at rest.
Flexible data collection: Through Data Collection Rules (DCRs), you can customize the data collected from different sources, which helps reduce cost by ingesting and storing only the necessary data.
Integration with Azure services: The agent seamlessly integrates with other Azure services, such as:
Microsoft Sentinel: A scalable, cloud-native Security Information and Event Management (SIEM) solution.
Microsoft Defender for Cloud: A security management tool.
VM insights: A feature that monitors the performance and health of your VMs.
The Azure Monitor Agent collects monitoring data from the guest operating system of Azure and hybrid virtual machines (VMs). It delivers the data to Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and Microsoft Defender for Cloud. This article gives you an overview of the capabilities and supported use cases for the Azure Monitor Agent.
For a short introduction to the Azure Monitor Agent, including a demo of how to deploy the agent in the Azure portal, see the video ITOps Talk: Azure Monitor Agent.
The agent can be installed by using different methods, as described in Install and manage the Azure Monitor Agent. You can install the agent on a single machine or at scale by using Azure Policy or other tools. In some cases, the agent is automatically installed when you enable a feature that requires it, such as Microsoft Sentinel. The automatic installation only occurs when the feature is first enabled. To keep installing the agent automatically on new VM deployments, create and enable a policy by following the instructions in Using a Policy to Install AMA.
Data collection
The Azure Monitor Agent collects all data by using a data collection rule (DCR). In a DCR, you define the following information:
The data type that's collected
How to transform the data, including filtering, aggregating, and shaping
The destination for collected data
A single DCR can contain multiple data sources of different types. Depending on your requirements, you can choose whether to include several data sources in a few DCRs or create separate DCRs for each data source. If you create separate DCRs for each data source, you can centrally define the logic for each type of data collection and handle any changes to existing DCRs or associations with new ones.
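The three parts of a DCR described above (data sources, transformations, destinations) can drift apart when templates are edited by hand, leaving security logs collected but never delivered. The following is an added example, not Microsoft's code: a small lint for DCR templates kept in source control. The sample DCR is constructed and abridged, and its names (authLogs, secEvents, centralLaw, oldLaw) and the KQL filter are assumptions.

```python
import json

# Constructed, abridged DCR: the second data flow is deliberately broken.
SAMPLE_DCR = json.loads("""
{
  "properties": {
    "dataSources": {
      "syslog": [{"name": "authLogs", "streams": ["Microsoft-Syslog"],
                  "facilityNames": ["auth", "authpriv"],
                  "logLevels": ["Warning", "Error", "Critical"]}],
      "windowsEventLogs": [{"name": "secEvents", "streams": ["Microsoft-Event"],
                  "xPathQueries": ["Security!*[System[(Level=1 or Level=2)]]"]}]
    },
    "destinations": {
      "logAnalytics": [{"name": "centralLaw",
                        "workspaceResourceId": "<workspace-resource-id>"}]
    },
    "dataFlows": [
      {"streams": ["Microsoft-Syslog"], "destinations": ["centralLaw"],
       "transformKql": "source | where SeverityLevel != 'warning'"},
      {"streams": ["Microsoft-Perf"], "destinations": ["oldLaw"]}
    ]
  }
}
""")

def lint_dcr(dcr):
    """Return a sorted list of findings for one DCR document."""
    props = dcr.get("properties", {})
    # Streams that some data source actually produces.
    collected = {s for srcs in props.get("dataSources", {}).values()
                 for src in srcs for s in src.get("streams", [])}
    # Destination names; some destination kinds are a single object, not a list.
    declared = {d["name"] for dests in props.get("destinations", {}).values()
                for d in (dests if isinstance(dests, list) else [dests])}
    findings, routed = [], set()
    for i, flow in enumerate(props.get("dataFlows", [])):
        good_dest = [d for d in flow.get("destinations", []) if d in declared]
        for d in set(flow.get("destinations", [])) - declared:
            findings.append(f"dataFlows[{i}]: destination '{d}' is not declared")
        for s in flow.get("streams", []):
            if s not in collected:
                findings.append(f"dataFlows[{i}]: stream '{s}' has no data source")
            elif good_dest:
                routed.add(s)
        if "transformKql" in flow:  # transformations can filter out records
            findings.append(f"dataFlows[{i}]: transformKql present, review what it filters")
    for s in collected - routed:
        findings.append(f"stream '{s}' is collected but never delivered")
    return sorted(findings)
```

On the sample, the lint reports the Windows event stream as collected but unrouted, which is the kind of gap that otherwise shows up only as missing data in the workspace.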