Edit

Share via

Enable Change Tracking at scale using policy

  • Article

Applies to: ✔️ Windows VMs ✔️ Linux VMs ✔️ Windows Registry ✔️ Windows Files ✔️ Linux Files ✔️ Windows Software

This article provides detailed procedure on how you can enable change tracking and inventory at scale using Azure policy.

Prerequisite

Enable Change tracking

Using the Deploy if not exist (DINE) policy, you can enable Change tracking with Azure Monitoring Agent at scale and in the most efficient manner.

  1. In Azure portal, select Change Tracking and Inventory.

    Screenshot showing the selection Change Tracking and Inventory from Azure portal.

  2. In the Change Tracking and Inventory Center | Machines, page, under Manage, select Policy.

    Screenshot showing the selection policy from Azure portal.

  3. In Change Tracking and Inventory Center | Policy page, under the filter Definition Type, select Initiative and in Category filter, select Change Tracking and Inventory. You'll see a list of three policies:

    • Select Enable Change Tracking and Inventory for Arc-enabled virtual machines.

      Screenshot showing the selection of Arc-enabled virtual machines.

  4. Select Enable Change Tracking and Inventory for virtual machines to enable the change tracking on Azure virtual machines. This initiative consists of three policies:

    • Assign Built in User-Assigned Managed identity to Virtual machines

    • Configure ChangeTracking Extension for Windows virtual machines

    • Configure ChangeTracking Extension for Linux virtual machines

      Screenshot showing the selection of three policies.

  5. Select Assign to assign the policy to a resource group. For example, Assign Built in User-Assigned Managed identity to virtual machines.

    Note

    The Resource group contains virtual machines and when you assign the policy, it will enable change tracking at scale to a resource group. The virtual machines that are on-boarded to the same resource group will automatically have the change tracking feature enabled.

  6. In the Enable Change Tracking and Inventory for virtual machines page, enter the following options:

    1. In Basics, you can define the scope. Select the three dots to configure a scope. In the Scope page, provide the Subscription and Resource group.
    2. In Parameters, select the option in the Bring your own user assigned managed identity.
    3. Provide the Data Collection Rule Resource id. Learn more on how to obtain the Data Collection Rule Resource ID after you create the Data collection rule.
    4. Select Review + create.

Next steps