Proposed Pull Request Change

📄 Document Links

View on GitHub View on Microsoft Learn

--- title: Azure Automanage Machine Best Practices description: Learn about the Azure Automanage machine best practices for services that are automatically onboarded and configured for you. author: mmccrory ms.service: azure-automanage ms.topic: concept-article ms.date: 12/10/2021 ms.author: memccror # Customer intent: As a cloud administrator, I want to implement Azure Automanage best practices for virtual machines, so that I can ensure optimal configuration, automation, and monitoring of my cloud resources while preparing for upcoming service changes. --- # Azure Automanage for virtual machines best practices > [!CAUTION] > On September 30, 2027, the Azure Automanage Best Practices service will be retired. As a result, attempting to create a new configuration profile or onboarding a new subscription to the service will result in an error. Learn more [here](https://aka.ms/automanagemigration/) about how to migrate to Azure Policy before that date. > [!CAUTION] > Starting February 1st 2025, Azure Automanage will begin rolling out changes to halt support and enforcement for all services dependent on the deprecated Microsoft Monitoring Agent (MMA). To continue using Change Tracking and Management, VM Insights, Update Management, and Azure Automation, [migrate to the new Azure Monitor Agent (AMA)](https://aka.ms/mma-to-ama/). These Azure services are automatically onboarded for you when you use Automanage. They are essential to our best practices white paper, which you can find in our [Cloud Adoption Framework](/azure/cloud-adoption-framework/manage/azure-server-management). For all of these services, we will auto-onboard, auto-configure, monitor for drift, and mediate if drift is detected. To learn more about this process, see [Azure Automanage for virtual machines](overview-about.md). ## Participating services | Service | Description | Profiles Supported¹ | Preferences supported¹ | | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------ | --------------------------------- | | VM Insights Monitoring | Azure Monitor for VMs monitors the performance and health of your virtual machines, including their running processes and dependencies on other resources. Learn [more](/azure/azure-monitor/vm/vminsights-overview). | Azure VM Best Practices – Production | No | | Backup | Azure Backup provides independent and isolated backups to guard against unintended destruction of the data on your VMs. Learn [more](../backup/backup-azure-vms-introduction.md). Charges are based on the number and size of VMs being protected. Learn [more](https://azure.microsoft.com/pricing/details/backup/). | Azure VM Best Practices – Production | Yes | | Microsoft Defender for Cloud | Microsoft Defender for Cloud is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud. Learn [more](/azure/defender-for-cloud/defender-for-cloud-introduction). Automanage will configure the subscription where your VM resides to the free-tier offering of Microsoft Defender for Cloud. If your subscription is already onboarded to Microsoft Defender for Cloud, then automanaged will not reconfigure it. | Azure VM Best Practices – Production, Azure VM Best Practices – Dev/Test | No | | Microsoft Antimalware | Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems. Learn [more](../security/fundamentals/antimalware.md). | Azure VM Best Practices – Production, Azure VM Best Practices – Dev/Test | Yes | | Update Management | You can use Update Management in Azure Automation to manage operating system updates for your virtual machines. You can quickly assess the status of available updates on all agent machines and manage the process of installing required updates for servers. Learn [more](../automation/update-management/overview.md). | Azure VM Best Practices – Production, Azure VM Best Practices – Dev/Test | No | | Change Tracking & Inventory | Change Tracking and Inventory combines change tracking and inventory functions to allow you to track virtual machine and server infrastructure changes. The service supports change tracking across services, daemons software, registry, and files in your environment to help you diagnose unwanted changes and raise alerts. Inventory support allows you to query in-guest resources for visibility into installed applications and other configuration items. Learn [more](../automation/change-tracking/overview.md). | Azure VM Best Practices – Production, Azure VM Best Practices – Dev/Test | No | | Guest configuration | Guest configuration is used to monitor the configuration and report on the compliance of the machine. The Automanage service will install the [Windows security baselines](/windows/security/threat-protection/windows-security-baselines) using the guest configuration extension. Learn [more](../governance/machine-configuration/overview.md). | Azure VM Best Practices – Production, Azure VM Best Practices – Dev/Test | No | | Azure Automation Account | Azure Automation supports management throughout the lifecycle of your infrastructure and applications. Learn [more](../automation/automation-intro.md). | Azure VM Best Practices – Production, Azure VM Best Practices – Dev/Test | No | | Log Analytics Workspace | Azure Monitor stores log data in a Log Analytics workspace, which is an Azure resource and a container where data is collected, aggregated, and serves as an administrative boundary. Learn [more](/azure/azure-monitor/logs/log-analytics-workspace-overview). | Azure VM Best Practices – Production, Azure VM Best Practices – Dev/Test | No | ¹ Configuration profiles are available when you are enabling Automanage. Learn [more](overview-about.md). You can also adjust the default settings of the configuration profile and set your own preferences within the best practices constraints. ## Next steps Try enabling Automanage for virtual machines in the Azure portal. > [!div class="nextstepaction"] > [Enable Automanage for virtual machines in the Azure portal](quick-create-virtual-machines-portal.md)