Introduction

Maintaining compliance, auditing, and governance is essential in constantly changing cloud and IT infrastructure environments. The Azure Automation Change Tracking and Inventory solution, which uses the Azure Monitoring Agent (AMA), lets users track changes across virtual machines running in Azure, on-premises, or hybrid environments.
This article explains how Change Tracking and Inventory works with AMA and covers its major features, implementation steps, and recommended best practices.

Understanding Change Tracking and Inventory

Change Tracking and Inventory, provided by Azure Automation, lets IT administrators monitor system configuration and log changes. It supports compliance by tracking changes to files, registry keys, installed software, Windows services, and Linux daemons.

Key Functions

| Feature | Description |
|---|---|
| Change Tracking | Monitors and logs modifications in system files, registry keys, software installations, and service states. It provides timestamps and identifies who made the changes. |
| Inventory | Maintains a list of installed software, OS details, and server configurations. Useful for audits and compliance tracking. |
| Data Collection | Stores data in a Log Analytics workspace, enabling long-term retention and analysis. |

Migration to Azure Monitoring Agent (AMA)

The legacy Log Analytics Agent (MMA) for Change Tracking and Inventory retires on August 31, 2024. To keep receiving support, organizations need Azure Monitoring Agent (AMA) version v2.20.0.0 or later. The following table summarizes the main differences between the two agents.

| Feature | Log Analytics Agent (MMA) | Azure Monitoring Agent (AMA) |
|---|---|---|
| Multi-homing Support | Limited | Yes |
| Security & Performance | Moderate | Improved |
| Data Collection Rules (DCR) | Not Available | Available |

Enabling Change Tracking and Inventory

Single VM Setup

  1. Sign in to the Azure portal.
  2. Navigate to Virtual Machines and select the target VM.
  3. In the search bar, enter Change Tracking.
  4. Click Enable using AMA Agent (Recommended) and confirm.
  5. The deployment starts and takes a few minutes to finish.

Multiple VM Setup

  1. Copy the JSON from the following page to your clipboard:
     https://learn.microsoft.com/en-us/azure/automation/change-tracking/change-tracking-data-collection-rule-creation
  2. Search for Deploy a custom template in your Azure portal.
  3. On the custom deployment landing page, under Select a template, select Build your own template in the editor.
  4. In the Edit template pane, paste the saved JSON and click Save.
  5. Provide the Subscription and Resource group where you want to deploy the DCR. The Data Collection Rule Name is not mandatory. The resource group must be the same as the resource group associated with the Log Analytics workspace Resource ID chosen here.
  6. Click Review + Create, then Create.
  7. Go to the DCR you created and navigate to the “Resources” blade. Then click “Add” and add the VMs for which you need to enable the Change Tracking and Inventory deployment through policy.

Data Collection & Querying

After enabling Change Tracking, you can analyze the collected data through Azure Monitor Logs using Kusto Query Language (KQL). The following table shows the default data collection frequency for each tracked change type.

| Change Type | Frequency |
|---|---|
| Windows registry | 50 minutes |
| Windows file | 30-40 minutes |
| Linux file | 15 minutes |
| Windows services | 10-30 minutes |
| Windows software | 30 minutes |
| Linux software | 5 minutes |
| Linux Daemons | 5 minutes |
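
The following KQL query is an added example, not part of the original article: it shows the kind of log review or alert rule this section describes, flagging stopped services, new software, registry changes, and modified or removed files per machine. It assumes the workspace stores Change Tracking records in a ConfigurationChange table with the column names and values used below, and it uses a one-hour window (an assumption) so that it exceeds the longest default collection frequency listed above (50 minutes).

```kql
// Added example. The table name, column names and string values below are
// assumptions about the Change Tracking schema in the Log Analytics workspace;
// confirm them in your own workspace before turning this into an alert rule.
let lookback = 1h;   // assumption: longer than the slowest collection frequency (50 minutes)
ConfigurationChange
| where TimeGenerated > ago(lookback)
// Classify each record into a finding; records that match nothing are dropped.
| extend Finding = case(
    // A service that was running and is now stopped.
    ConfigChangeType == "WindowsServices"
        and SvcPreviousState == "Running" and SvcState == "Stopped",
        strcat("Service stopped: ", SvcName),
    // Software that appeared since the previous inventory pass.
    ConfigChangeType == "Software" and ChangeCategory == "Added",
        strcat("Software installed: ", SoftwareName),
    // Any change under a tracked registry key.
    ConfigChangeType == "Registry",
        strcat("Registry change: ", RegistryKey),
    // Tracked files that were modified or removed.
    ConfigChangeType == "Files" and ChangeCategory in ("Modified", "Removed"),
        strcat("File ", tolower(ChangeCategory), ": ", FileSystemPath),
    "")
| where isnotempty(Finding)
// One row per machine and finding, with a count and the time range observed.
| summarize Changes   = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
         by Computer, ConfigChangeType, Finding
| order by LastSeen desc
```

Run on a schedule, a non-empty result is the condition an Azure Monitor alert would fire on; widening `lookback` turns the same query into a periodic review report.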

 

Best Practices

To maximize the benefits of Change Tracking and Inventory:

  • Use Azure Policy to enforce Change Tracking across VMs.
  • Review logs regularly in Azure Monitor Logs to detect anomalies across the system.
  • Configure Azure Monitor alerts to notify admins when critical changes happen.
  • Use Azure Workbooks to visualize and report on monitored changes.
  • Update AMA regularly to maintain system compatibility.

Conclusion

The Azure Monitoring Agent (AMA) with the Change Tracking and Inventory feature delivers detailed system change analysis for better auditing and security management. Organizations that move from the Log Analytics Agent (MMA) to the Azure Monitoring Agent (AMA) gain better security, increased reliability, and improved scalability.
Combining Azure Policy with Monitor Logs and Workbooks helps organizations track configuration more efficiently while maintaining compliance and reducing IT risk in their systems.
