Announcing public preview: Azure Change Tracking & Inventory using Azure Monitor agent (AMA)

SvenAelterman thanks for your message, things have indeed changed since my first message. The DCR that needs to be created is not the same at all.
So I started again the configuration for this feature to work and it is working now.

MarcVDH I don't know about the time when you asked the question, but at this time, you can use Inventory and Change Tracking with AMA (in preview) with Azure Arc machines.

I first created a DCR by enabling change tracking in the Azure Portal for an Azure VM. Then, I used Azure Policy to configure change tracking via AMA and provided the DCR.

Hello,

Is Change Tracking and Inventory also available for Arc onboarded machines ?

When i try to enable one of these feature for an Arc machine, it only shows me the configuration for Log analytics :

I have no way to chose the AMA configuration.

Thanks

Marc

2nd for an ETA on the release of services tracking? It's a bit annoying to be pushed towards this agent in documentation, only to find that one of the key functionalities of the tech it is replacing is (i.e., monitoring critical services in VMs!) is not ready yet... I understand it's in preview, but if we're being actively pointed towards a new technology, a transparent comparison of what's there and what isn't in the docs would be appreciated! 

Hi Swatidevgan ,

Could you confirm support for change tracking on Windows Service state, or is it still in progress? I have tried to follow the docs to the letter, I could even track certain software changes and they appeared as expected but I was expecting to catch Windows Service state change for a custom windows service, but the change tracking using AMA didn't pick it up. I did this with the Log Analytics agent using the automation account (MMA) which did indeed pick it up. If this is still in progress could you provide any ETA for release preview?

Thanks!

Hello Everyone,

In response to the above queries, We have worked to provide a mechanism to create a CT DCR before enabling the policy. We recommend the customers to first create a DCR using this mechanism followed by enabling the policy as mentioned in the documentation. The steps to create a CT DCR are documented here - Enable Azure Automation Change Tracking for single machine and multiple machines from the portal. | Microsoft Learn.

Hope this is helpful.

ryandifrancesco   Unfortunately no.  That is the ID I'm using, as it seemed to be the only one present in the tenant, so i took a shot!   Interestingly enough, all of mine show as compliant, but nothing works.  Very strange that there seems to be no internal guidance on this either, the documentation is lacking as well.

Dustin_Halvorsondid you ever get this policy fully working?  It's not clear from any documentation, but I found the ID by searching in the portal for "DCR" and it showed a result for the default DCR that was somehow created automatically.  Click on that result and then view the JSON and there you'll find the long string for that resource ID.

My issue is that while I can successfully create this policy, my VM fail the compliance check for the "[Preview]: Configure ChangeTracking Extension for Windows virtual machines" policy.  The non-compliance reason:

• Reason for non-compliance = Current value must be equal to the target value.
• Current value = "AzureMonitorWindowsAgent
• Target value = "ChangeTracking-Windows"

In creating the policy for this, its asking for the ID of a data collection rule.  Whats the definition of the rule if we dont have it created in our environment?