If you're looking for a basic, easy-to-follow guide to setting up and using the Arc service in Azure, this is the page for you! Follow the steps below to associate a server with Azure Arc and apply a policy to it with Azure Policy.
What You'll Need
O.S. (of a VM you want to integrate with Arc)
Windows = 2012 R2+
Linux = 64-bit (all major builds)
Ubuntu 16.04 / 18.04 LTS
CentOS Linux 7
SUSE Linux Enterprise Server 15
Red Hat Enterprise Linux 7
Amazon Linux 2
Permissions (Required to onboard to Arc)
'Azure Connected Machine Onboarding' role + 'Azure Connected Machine Resource Administrator' role (to read, modify or delete a VM)
Note: Most admin accounts are assigned these roles by default
The systems that you want to monitor have to be able to communicate with Arc/Azure
This is made possible by an agent, which communicates over port 443
Services you'll need in Azure
Log Analytics Workspace (storage for the logs)
Azure Cloud Shell - so make sure that's set up first (storage mounted for PowerShell, small cost)
How to Set Up
Register Azure Resource Providers
You're going to need to set up two things: Microsoft hybrid compute and guest configuration.
This is done in Azure Cloud Shell (PowerShell) by running the three Azure CLI commands below:
az account set --subscription subscription_name1
az provider register --namespace microsoft.hybridcompute
az provider register --namespace microsoft.guestconfiguration
Generate, Download and Run Scripts
You'll need separate scripts for Windows and Linux servers
Go to 'Azure Arc' in the Azure Portal (servers)
Click on 'add'
Choose 'add servers using interactive script', then 'generate script' (or you can use the 'at-scale' option)
Associate a subscription and Resource Group
Server details, region and O.S.
Tags for the script (if required)
Download and run script in PowerShell to deploy an agent
Note: You might need to use 'Set-ExecutionPolicy' to be able to run a .ps1 script
Authenticate - Enter code (you're signing in to the agent)
Check 'Connected' in Azure Arc in the Azure Portal
Using Azure Policy with Arc
Create a Log Analytics Workspace
Sub, RG, Name, Region, Price, 'PayG' (Per GiB), Tags
Create a Policy Assignment
'Assignments', 'Assign a Policy'
Scope = Sub, Exclusions
Policy Definition = Definition Picker (a list of ~500 available definitions)
For example, 'Log Analytics agent should be installed on your Windows Azure Arc machines'
Enabled or Disabled (Policy enforcement)
Find non-compliant machines
Assignments, non-compliant state VM names
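The three portal checks above (providers registered, server 'Connected', non-compliant machines) can also be run from Azure Cloud Shell. This is an added example, not part of the original guide; the resource group name is a placeholder, and step 2 assumes the 'connectedmachine' Azure CLI extension is installed.

```powershell
# Added example. Placeholder values are assumptions; replace with your own.
$Subscription  = 'subscription_name1'   # same placeholder as the registration step
$ResourceGroup = '<resource-group>'     # resource group chosen when generating the script

az account set --subscription $Subscription

# 1. Both resource providers should report 'Registered' before onboarding.
foreach ($ns in 'Microsoft.HybridCompute', 'Microsoft.GuestConfiguration') {
    $state = az provider show --namespace $ns --query registrationState --output tsv
    if ($state -eq 'Registered') {
        Write-Output "$ns : Registered"
    } else {
        Write-Warning "$ns is '$state'; registration may still be in progress."
    }
}

# 2. Onboarded servers should show status 'Connected', as in the portal.
#    Requires the 'connectedmachine' CLI extension.
$machines = az connectedmachine list --resource-group $ResourceGroup --output json |
    ConvertFrom-Json
$machines | Select-Object name, status, agentVersion | Format-Table

$notConnected = @($machines | Where-Object { $_.status -ne 'Connected' })
if ($notConnected.Count -gt 0) {
    Write-Warning ("Not connected: " + ($notConnected.name -join ', '))
}

# 3. Non-compliant Arc machines, grouped by the policy assignment that flagged them.
$filter = "complianceState eq 'NonCompliant' and " +
          "resourceType eq 'Microsoft.HybridCompute/machines'"
$states = az policy state list --resource-group $ResourceGroup --filter $filter --output json |
    ConvertFrom-Json

if (-not $states) {
    Write-Output 'No non-compliant Arc machines found in this resource group.'
} else {
    $states | Group-Object policyAssignmentName | ForEach-Object {
        Write-Output "Assignment: $($_.Name)"
        # The last segment of the resource ID is the machine name.
        $_.Group | ForEach-Object { ($_.resourceId -split '/')[-1] } |
            Sort-Object -Unique |
            ForEach-Object { Write-Output "  $_" }
    }
}
```

A newly created assignment can take some time to evaluate, so an empty result in step 3 straight after assigning the policy does not yet mean the machines are compliant.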
Monitoring Virtual Machines
Again, requires a Log Analytics Workspace
Start collecting insights
Servers - Azure Arc (in Azure Portal)
Select one of the servers you have already onboarded/connected to Arc
Click on 'Insights' under 'Monitoring'
'Enable' = Sub and Log Analytics Workspace (New or Existing)
Leave for 5-10 minutes to set up
What Insights Could I Get?
Interaction, Dependencies, Integrations, Mapping
IPs for interactions (Ports in/out), Processes, RPCs, Terminal Services
Analysis / Dashboards - CPU, MB, IOPS