ASC Log Analytics Agent auto-provisioning policy

Occasional Contributor

If I've understood correctly when I flip the switch on auto-provisioning there is a policy (deployIfNotExists) created behind the scenes. I tried going through the policies and could not find it. I only have the Azure Security Benchmark definition assigned and I don't think it includes any 'modify' or 'deployIfNotExists' policies.

Is this policy hidden somewhere? It somewhat bothers me that I don't seem to have visibility on this policy. I have a Linux box that has had a problem with the OmsAgentForLinux VM Extension. I'd like to see if the policy will re-install the extension. 

3 Replies
This one actually is not based on an Azure Policy. There is a background job that goes over all machines without MMA and deploys it.
It isn't? Based on this article it is, but I think you're right. If it is a policy, it's hidden from the users so that we cannot mess with it.

https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection#how-do...
Thank you for pointing this out. All other auto-provisioning options, except the ALA at the moment, are based on Azure Policy. We probably need to note this in the docs. Thank you.