From 4c11aef803430042ad32c770374f64e135af3ed4 Mon Sep 17 00:00:00 2001
From: Denver Reed
Date: Tue, 17 Sep 2024 10:13:57 -0400
Subject: [PATCH 1/3] update added for auto-upgrade extensions
---
 checklists/azure_arc_checklist.en.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/checklists/azure_arc_checklist.en.json b/checklists/azure_arc_checklist.en.json
index d6b7511c3..2fe655798 100644
--- a/checklists/azure_arc_checklist.en.json
+++ b/checklists/azure_arc_checklist.en.json
@@ -184,6 +184,7 @@
 "description": "Use automatic upgrades where available and define an update strategy for all extensions not supporting automatic upgrades.",
 "guid": "4c2bd463-cbbb-4c86-a195-abb91a4ed90d",
 "severity": "High",
+ "graph": "resources | where type == 'microsoft.hybridcompute/machines/extensions'| extend compliant = (properties.enableAutomaticUpgrade == 'true') | distinct id, compliant",
 "link": "https://learn.microsoft.com/azure/azure-arc/servers/manage-automatic-vm-extension-upgrade?tabs=azure-portal"
 },
 {
From 194a0dca67d850e0b672b764bd818c14d482aaa9 Mon Sep 17 00:00:00 2001
From: Denver Reed
Date: Tue, 17 Sep 2024 11:33:13 -0400
Subject: [PATCH 2/3] ARG for monitoring on arc machines
---
 checklists/azure_arc_checklist.en.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/checklists/azure_arc_checklist.en.json b/checklists/azure_arc_checklist.en.json
index 2fe655798..e56004738 100644
--- a/checklists/azure_arc_checklist.en.json
+++ b/checklists/azure_arc_checklist.en.json
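Review bot: In the `graph` query added by the `@@ -184,6 +184,7 @@` hunk, `properties.enableAutomaticUpgrade == 'true'` compares a dynamic property with a string literal, and an extension that lacks the property is likely reported the same way as one where automatic upgrade is switched off. The item is rated High and its description treats extensions without automatic-upgrade support as a separate case, so an explicit cast such as `extend compliant = (tobool(properties.enableAutomaticUpgrade) == true)` would make the comparison unambiguous, and the missing-property result is worth deciding deliberately. Patch 3/3 changes only the `type` comparison to `=~` and keeps this expression, so the same applies to its `@@ -184,7 +184,7 @@` hunk. The JSON object this line belongs to starts before the hunk.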
@@ -213,6 +213,7 @@
 "text": "Design a monitoring strategy to send metrics and logs to an Log Analytics workspace",
 "guid": "74d1102c-ac6a-4ae0-8e6a-84de5df47d2d",
 "severity": "Medium",
+ "graph": "resources | where type == 'microsoft.hybridcompute/machines' | project arcMachineId = id, arcMachineName = name | join kind=leftouter (resources | where type == 'microsoft.hybridcompute/machines/extensions' | where name contains 'azuremonitor' | extend baseIdParts = split(id, '/extensions/') | extend extensionMachineId = tostring(baseIdParts[0]) | project extensionMachineId, extensionId = id) on $left.arcMachineId == $right.extensionMachineId | extend compliant = iif(extensionMachineId == '', 'No', 'Yes') | project arcMachineId, compliant",
 "link": "https://learn.microsoft.com/azure/azure-monitor/agents/log-analytics-agent#data-collected"
 },
 {
From a2a79d7651aca2321e2597f80de38dd47422f1e3 Mon Sep 17 00:00:00 2001
From: Denver Reed
Date: Tue, 17 Sep 2024 12:13:45 -0400
Subject: [PATCH 3/3] update with Saul's recommendation
---
 checklists/azure_arc_checklist.en.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/checklists/azure_arc_checklist.en.json b/checklists/azure_arc_checklist.en.json
index e56004738..e46326489 100644
--- a/checklists/azure_arc_checklist.en.json
+++ b/checklists/azure_arc_checklist.en.json
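Review bot: The added `graph` query identifies the monitoring agent with `where name contains 'azuremonitor'`, which depends on the extension resource's name rather than its type, so an agent deployed under a different resource name would be reported as missing; filtering on the extension type (for example `where properties.type contains 'azuremonitor'`, assuming that property is populated for Arc extensions) is less fragile. The join key is the raw `id` text, so any casing difference between the machine id and the prefix of the extension id would produce a false `No`; wrapping both sides in `tolower()` avoids that. `compliant` here is the string `'Yes'`/`'No'`, while the query added in patch 1/3 yields a boolean. Patch 3/3 removes this line again, so these points apply if the query is reintroduced.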
@@ -184,7 +184,7 @@
 "description": "Use automatic upgrades where available and define an update strategy for all extensions not supporting automatic upgrades.",
 "guid": "4c2bd463-cbbb-4c86-a195-abb91a4ed90d",
 "severity": "High",
- "graph": "resources | where type == 'microsoft.hybridcompute/machines/extensions'| extend compliant = (properties.enableAutomaticUpgrade == 'true') | distinct id, compliant",
+ "graph": "resources | where type =~ 'microsoft.hybridcompute/machines/extensions'| extend compliant = (properties.enableAutomaticUpgrade == 'true') | distinct id, compliant",
 "link": "https://learn.microsoft.com/azure/azure-arc/servers/manage-automatic-vm-extension-upgrade?tabs=azure-portal"
 },
 {
@@ -213,7 +213,6 @@
 "text": "Design a monitoring strategy to send metrics and logs to an Log Analytics workspace",
 "guid": "74d1102c-ac6a-4ae0-8e6a-84de5df47d2d",
 "severity": "Medium",
- "graph": "resources | where type == 'microsoft.hybridcompute/machines' | project arcMachineId = id, arcMachineName = name | join kind=leftouter (resources | where type == 'microsoft.hybridcompute/machines/extensions' | where name contains 'azuremonitor' | extend baseIdParts = split(id, '/extensions/') | extend extensionMachineId = tostring(baseIdParts[0]) | project extensionMachineId, extensionId = id) on $left.arcMachineId == $right.extensionMachineId | extend compliant = iif(extensionMachineId == '', 'No', 'Yes') | project arcMachineId, compliant",
 "link": "https://learn.microsoft.com/azure/azure-monitor/agents/log-analytics-agent#data-collected"
 },
 {