Microsoft will retire the Microsoft Monitoring Agent (MMA), also known as the Log Analytics Agent (OMS), on August 31, 2024, and replace it with Azure Monitor Agent (AMA). File Integrity Monitoring (FIM), powered by MMA, will also be deprecated. The AMA offers cost savings, simplified management, and enhanced security and performance features. Continuing to use MMA or OMS beyond retirement will lead to suspension without prior notification, and no support will be available for related issues.
Migrating from Microsoft Monitoring Agent (MMA) to Azure Monitor Agent (AMA) is crucial for continuity and leveraging the latest capabilities in Azure monitoring. This transition is not just a technical necessity but also a strategic move to enhance your cybersecurity posture and cloud security management. Let’s dive into the top seven considerations for a smooth transition.
.svg)
1. Comprehensive Agent Inventory
Create an inventory of all devices currently using MMA across all subscriptions. This helps you understand the migration's full scope and ensures that no device is left out. Accurate inventory is essential for effective cybersecurity solutions, ensuring all endpoints are accounted for. SecureSky provides a no-cost discovery of legacy agents to help you transition smoothly to Azure Monitor Agent (AMA). Contact us today to optimize your migration strategy.
2. Data Categories
Identify where existing agents are sending data (e.g., Log Analytics workspaces or Azure Monitor) and categorize the types of data being sent. This allows you to identify the specific data collection configurations needed for data ingestion via AMA. Proper data categorization aligns with best practices in cloud security and Security Posture Management (CSPM/SSPM).
3. Compatibility and Network Configurations
Ensure that all operating systems currently using MMA are supported by AMA. Identify any agents using a proxy or private endpoint to configure AMA accordingly. This step is crucial for maintaining the integrity of your cybersecurity infrastructure and ensuring compatibility with your existing network configurations.
4. Deployment Strategy
Deploying via Azure Policy is the best practice to ensure newly added devices receive the AMA agent automatically. For environments with a small device footprint (50 devices or fewer), deploying AMA using Data Collection Rules is also effective. When using Azure Policy, consider using a user-managed identity to avoid a high volume of system-managed identities in the environment. This approach is integral to maintaining streamlined management within Managed Detection and Response (MDR) services and managed XDR (eXtended Detection and Response) environments.
5. Data Collection Rule Configuration
Define and associate Data Collection Rules to target devices based on the source data types identified during your inventory. Leverage custom X-Path expressions to define specific events to collect, ensuring only necessary logs are ingested. This configuration is essential for precise application security and effective cloud security posture management.
6. Data Validation
Once Data Collection Rules are associated with AMA agents, data will begin being ingested. Validate that source devices are sending heartbeats to the appropriate analytics workspace along with the expected log data via AMA. Use the "AMA Migration Tracker" and "AMA Migration Helper" workbooks to monitor the migration status. Effective data validation ensures the reliability of your cybersecurity measures and the operational efficiency of your cloud environment.
7. Decommission Legacy Agent
Disable the "Microsoft Monitoring Agent" service on source devices, remove Azure policies and any other methods used to deploy the legacy agent, and uninstall the Log Analytics agent from all machines. Clean up any remaining workspace keys and configuration files, and disable solutions on all workspaces transitioning to AMA. Proper decommissioning is vital to prevent security loopholes and ensure a smooth transition to the new monitoring system.
Leveraging the Benefits of Azure Monitor Agent (AMA) for Your Organization
Migrating to AMA involves these well-planned steps, from inventory and deployment to validation and decommissioning. By focusing on these top seven considerations, you can ensure a smooth and efficient migration, leveraging the advanced features and capabilities of Azure Monitor Agent.
For more information or assistance with your cybersecurity solutions, including a no-cost discovery of legacy agents (step 1 above), reach out to the experts at SecureSky to start a conversation. SecureSky specializes in cloud security, MDR services, and comprehensive cybersecurity solutions to help organizations stay secure in an evolving threat landscape.