ASC Log Analytics Agent auto-provisioning policy

%3CLINGO-SUB%20id%3D%22lingo-sub-2791838%22%20slang%3D%22en-US%22%3EASC%20Log%20Analytics%20Agent%20auto-provisioning%20policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2791838%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20I've%20understood%20correctly%20when%20I%20flip%20the%20switch%20on%20auto-provisioning%20there%20is%20a%20policy%20(deployIfNotExists)%20created%20behind%20the%20scenes.%20I%20tried%20going%20through%20the%20policies%20and%20could%20not%20find%20it.%20I%20only%20have%20the%20Azure%20Security%20Benchmark%20definition%20assigned%20and%20I%20don't%20think%20it%20includes%20any%20'modify'%20or%20'deployIfNotExists'%20policies.%3CBR%20%2F%3E%3CBR%20%2F%3EIs%20this%20policy%20hidden%20somewhere%3F%20It%20somewhat%20bothers%20me%20that%20I%20don't%20seem%20to%20have%20visibility%20on%20this%20policy.%20I%20have%20a%20Linux%20box%20that%20has%20had%20a%20problem%20with%20the%20OmsAgentForLinux%20VM%20Extension.%20I'd%20like%20to%20see%20if%20the%20policy%20will%20re-install%20the%20extension.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2813886%22%20slang%3D%22en-US%22%3ERe%3A%20ASC%20Log%20Analytics%20Agent%20auto-provisioning%20policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2813886%22%20slang%3D%22en-US%22%3EThis%20one%20actually%20is%20not%20based%20on%20an%20Azure%20Policy.%20There%20is%20a%20background%20job%20that%20goes%20over%20all%20machines%20without%20MMA%20and%20deploys%20it.%3C%2FLINGO-BODY%3E
Occasional Contributor

If I've understood correctly when I flip the switch on auto-provisioning there is a policy (deployIfNotExists) created behind the scenes. I tried going through the policies and could not find it. I only have the Azure Security Benchmark definition assigned and I don't think it includes any 'modify' or 'deployIfNotExists' policies.

Is this policy hidden somewhere? It somewhat bothers me that I don't seem to have visibility on this policy. I have a Linux box that has had a problem with the OmsAgentForLinux VM Extension. I'd like to see if the policy will re-install the extension. 

3 Replies
This one actually is not based on an Azure Policy. There is a background job that goes over all machines without MMA and deploys it.
It isn't? Based on this article it is, but I think you're right. If it is a policy, it's hidden from the users so that we cannot mess with it.

https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection#how-do...
Thank you for pointing this out. All other auto-provisioning options, except the ALA at the moment, are based on Azure Policy. We probably need to note this in the docs. Thank you.