able to install Azure monitor Agent installation without enabling any managed identity(system or user)
I am able to install Azure monitor Agent installation without enabling any managed identity(system or user) on a Virtual Machine through below powershell cmdlet
System-Assigned:
Set-AzVMExtension
-Name AzureMonitorWindowsAgent
-ExtensionType AzureMonitorWindowsAgent
-Publisher Microsoft.Azure.Monitor
-ResourceGroupName <resource-group-name>
-VMName <virtual-machine-name>
-Location <location>
-TypeHandlerVersion <version-number>
-EnableAutomaticUpgrade $true
-SettingString '{"authentication":{"managedIdentity":{"identifier-name":"mi_res_id","identifier-value":"/subscriptions/<my-subscription-id>/resourceGroups/<my-resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<my-user-assigned-identity>"}}}
User-Assigned:
Set-AzVMExtension
-Name AzureMonitorWindowsAgent
-ExtensionType AzureMonitorWindowsAgent
-Publisher Microsoft.Azure.Monitor
-ResourceGroupName <resource-group-name>
-VMName <virtual-machine-name>
-Location <location>
-TypeHandlerVersion <version-number>
-EnableAutomaticUpgrade $true
I have used both of the above powershell cmdlets on a set of VMs and did not assigned any system or user assigned managed identity but If I run the power shell script I am still able tp install the agent and no change is reflecting in identity section of VM.
Can someone help me understand the AMA installation process if I am getting in wrong direction.
I have built powershell script using below documentation https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal
able to install Azure monitor Agent installation without enabling any managed identity(system or user)
If you are able to install the Azure Monitor Agent without enabling the System Managed Identity or User Managed Identity, it may be because you are logged in with a user account, not an identity authentication.
The Set-AzVMExtension command will work with user authentication as well.
In your case, make sure to check whether you are logged in with a user account by using Get-AzContext before executing the Set-AzVMExtension command.
To log in with an identity for installing the Agent on a VM, you need to enable the identity inside the VM, assign the role of Virtual Machine Contributor or Azure Connected Machine Resource Administrator, and log in with the identity using the commands below
Connect using a Managed Identity ,Refer this link for authentication via managed identity in VM
Connect-AzAccount -Identity
Set-AzContext -Subscription Subscription1
Connect using a User Managed Identity Refer this Link for authentication via user managed identity in VM.
Connect-AzAccount -Identity -AccountId $identity.ClientId
In my case, I installed the agent without enabling identity in VM and installed it using user authentication.
Set-AzVMExtension -Name AzureMonitorWindowsAgent -ExtensionType AzureMonitorWindowsAgent -Publisher Microsoft.Azure.Monitor -ResourceGroupName Venkat -VMName venkatvm -Location "East US" -TypeHandlerVersion "1.1" -EnableAutomaticUpgrade $true
Output:
- "Schema" property not found in Postgres Connector
- Downloading file from Azure blob storage via Memory Stream
- Reading env variable from template.yaml
- HTTP Error 500.30 - ASP.NET Core app failed to start - Azure
- Azure DevOps Pipelines: TerraformTaskV4: init with different subscription and Workflow Identity Federation
- Enabling HTTPS for a Azure blob static website
- How to search across many Azure Devops Git project and find all files which contain specific text AND which filename contains "Resource"
- Hosting SPA with Static Website option on Azure Blob Storage (clean URLs and Deep links)
- Using Managed Identity to Access Azure OpenAI Service
- Azure data factory not loading
- Transfer encrypted dataprotection keys from a windows vm to azure keyvault
- Refresh powerBI data with additional column
- Azure Application Insights AKS - How to Create 1 custom alert rule which will trigger multiple alerts, but with different names (per pod name)?
- gRPC and REST side by side in Azure App Service, Linux Container
- Connecting to a SignalR WSS stream but not getting the response i am looking for
- SignalR prevent user from opening multiple sessions in different tabs
- Application Insights -_logger.LogInformation
- CosmosDB is not allowing serverless capabalities to NoSQL, it says I must use CapacityMode
- Azure Webapp / Website Swap : HTTP Ping Error
- Microsoft Graph API - Update phoneMethods is no longer working
- Use Azure Key Vault secret in Header section of Web Activity
- Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
- How do I save and later load Azure AnalyzeResult object in python?
- Office 365 Exchange Online permission is not visible for registered application in azure active directory
- Azure ADF - HTTP : Table from list
- Self hosted azure devops build agent not getting tool from $PATH
- Azure devops pipeline stages template nesting
- Azure APIM is returning the incorrect HTTP response error when call is missing mandatory querystring parameter
- Azure DevOps build pipeline logid for a specific task - dynamically
- PS script to fetch the list non-compliance resource list with respect to policy from multiple subscriptions