Important to note, while the above post describes enabling AMA with a DCR for Windows Event Logs, the process is quite different for VM Insights.
To use policy to deploy VM Insights with the AMA agent, you first need to Enable monitoring on the first VM in a subscription, in order for VM Insights to create the DCR with the correct stream for VM Insights. If you create the DCR manually and try to add it using Azure Policy, VM Insights will not stream to the Log Analytics Workspace, and your CPU, RAM, etc. will not show in the monitoring graphs.
When I tried this scenario in my lab, I enabled VM Insights in Azure Monitor on one VM, then used the Resource ID of the DCR just like Paul did to configure the Azure Policy. Once configured, all future VMs were assigned to the DCR and VM Insights were captured.
As stated before, you cannot create the DCR manually, and you also cannot change the DCR or add Windows Event logs to it. You must create a second DCR with the Windows Logs and assign the VMs to it. There is a many-to-one relationship for DCRs to VMs.
I also found when enabling VM Insights through monitoring that it didn't like using a Log Analytics Workspace in a different subscription. When enabling, the wheel keeps spinning, nothing gets configured, and it doesn't appear to time out either.
https://learn.microsoft.com/en-us/azure/azure-monitor/vm/vminsights-enable-overview#data-collection-rule
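An added example, not part of the comment above or of Microsoft's tooling: a check to run over a DCR's exported JSON before putting its Resource ID into an Azure Policy assignment, to confirm it actually carries the VM Insights stream. The stream name `Microsoft-InsightsMetrics`, the counter `\VmInsights\DetailedMetrics`, the helper name `vm_insights_gaps` and both sample DCRs are assumptions made for illustration.

```python
# Stream and counter names used by the DCR that VM Insights generates.
# Assumption: confirm both against a DCR created by VM Insights in your tenant.
VMI_STREAM = "Microsoft-InsightsMetrics"
VMI_COUNTER = r"\VmInsights\DetailedMetrics"


def vm_insights_gaps(dcr: dict) -> list:
    """Return the reasons this DCR would not feed VM Insights (empty = OK)."""
    props = dcr.get("properties", {})
    gaps = []
    counters = props.get("dataSources", {}).get("performanceCounters", [])
    sources = [c for c in counters if VMI_STREAM in c.get("streams", [])]
    if not sources:
        gaps.append(f"no performanceCounters source emits {VMI_STREAM}")
    elif not any(VMI_COUNTER in c.get("counterSpecifiers", []) for c in sources):
        gaps.append(f"counter {VMI_COUNTER} is not collected")
    # A stream only reaches the workspace if a dataFlow names a real destination.
    workspaces = {w.get("name") for w in
                  props.get("destinations", {}).get("logAnalytics", [])}
    routed = any(VMI_STREAM in flow.get("streams", [])
                 and workspaces & set(flow.get("destinations", []))
                 for flow in props.get("dataFlows", []))
    if not routed:
        gaps.append(f"no dataFlow sends {VMI_STREAM} to a Log Analytics workspace")
    return gaps


# Constructed samples, trimmed to the fields the check reads.
VMI_DCR = {"properties": {
    "dataSources": {"performanceCounters": [{
        "name": "VMInsightsPerfCounters", "streams": [VMI_STREAM],
        "samplingFrequencyInSeconds": 60,
        "counterSpecifiers": [VMI_COUNTER]}]},
    "destinations": {"logAnalytics": [{"name": "law-example"}]},
    "dataFlows": [{"streams": [VMI_STREAM], "destinations": ["law-example"]}]}}

EVENT_DCR = {"properties": {
    "dataSources": {"windowsEventLogs": [{
        "name": "eventLogs", "streams": ["Microsoft-Event"],
        "xPathQueries": ["System!*[System[(Level=1 or Level=2)]]"]}]},
    "destinations": {"logAnalytics": [{"name": "law-example"}]},
    "dataFlows": [{"streams": ["Microsoft-Event"], "destinations": ["law-example"]}]}}

if __name__ == "__main__":
    for label, dcr in (("VM Insights DCR", VMI_DCR), ("Event log DCR", EVENT_DCR)):
        print(label, "->", vm_insights_gaps(dcr) or "streams VM Insights data")
```

A non-empty result for the DCR referenced by the policy assignment corresponds to the symptom described above: VMs get associated, but no CPU or RAM data reaches the monitoring graphs.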