Edit

Share via

Enable Change Tracking and Inventory at scale for Azure VMs using Azure policy

Applies to: ✔️ Windows VMs ✔️ Linux VMs ✔️ Windows Registry ✔️ Windows Files ✔️ Linux Files ✔️ Windows Software

This article provides detailed procedure on how to enable Azure Change Tracking and Inventory (CTI) at scale using Azure policy.

Prerequisite

Before you enable Azure CTI, ensure you Create a data collection rule (DCR) or use an existing one.

Enable Azure Change Tracking and Inventory at scale

Using the Deploy if not exist (DINE) policy, you can enable Change tracking with Azure Monitor Agent at scale and in the most efficient manner.

  1. Sign in to the Azure portal and select Change Tracking and Inventory.

    Screenshot showing the selection Change Tracking and Inventory from Azure portal.

  2. On the Change Tracking and Inventory Center | Machines pane, under Manage, select Policy.

    Screenshot showing the selection policy from Azure portal.

  3. On the Change Tracking and Inventory Center | Policy pane, under the filter Definition Type, select Initiative and in Category filter, select Change Tracking and Inventory. You'll see a list of three policies:

    Arc-enabled virtual machines

    • Select Enable Change Tracking and Inventory for Arc-enabled virtual machines.

      Screenshot showing the selection of Arc-enabled virtual machines.

    Virtual machines scale sets

    • Select [Preview]: Enable Change Tracking and Inventory for Virtual Machine Scale Sets.

      Screenshot showing the selection of virtual machines scale sets.

    Virtual machines

    • Select Enable Change Tracking and Inventory for virtual machines.

      Screenshot showing the selection of virtual machines.

  4. Select Enable Change Tracking and Inventory for virtual machines to enable the change tracking on Azure virtual machines. This step includes three policies, each determined by the operating system type of the selected machine:

    • Assign Built in User-Assigned Managed identity to Virtual machines

    • Configure ChangeTracking Extension for Windows virtual machines

    • Configure ChangeTracking Extension for Linux virtual machines

      Screenshot showing the selection of three policies.

  5. Select Assign initiative to assign the policy to a resource group. For example, Assign Built in User-Assigned Managed identity to virtual machines.

    Note

    The Resource group contains virtual machines and when you assign the policy, it will enable change tracking at scale to a resource group. The virtual machines that are on-boarded to the same resource group will automatically have the change tracking feature enabled.

  6. On the Enable Change Tracking and Inventory for virtual machines pane, enter the following options:

    1. On the Basics tab, you can define the scope. Select the three dots to configure a scope.
    2. On the Scope pane, provide the Subscription and Resource Group.
    3. On the Parameters tab, select the option in the Bring Your Own User-Assigned Managed Identity.
    4. Provide the Data Collection Rule Resource Id. Learn more on how to obtain the Data Collection Rule Resource ID after you create the Data collection rule.
    5. Select Review + create.

Next steps

Learn more on how to enable Azure CTI at scale using Azure portal.

  • Last updated on