Merge pull request #292548 from SnehaSudhirG/02Jan-CTMigration

ttorble · web-flow · commit b3058c6db0d3 · 2025-01-06T10:06:34.000Z
edited as per the new info
diff --git a/articles/automation/change-tracking/guidance-migration-log-analytics-monitoring-agent.md b/articles/automation/change-tracking/guidance-migration-log-analytics-monitoring-agent.md
@@ -5,7 +5,7 @@ author: snehasudhirG
 services: automation
 ms.subservice: change-inventory-management
 ms.topic: how-to
-ms.date: 10/10/2024
+ms.date: 01/03/2025
 ms.author: sudhirsneha
 ms.custom:
 ms.service: azure-automation
@@ -19,8 +19,16 @@ This article provides guidance to move from Change Tracking and Inventory using
 
 Using the Azure portal, you can migrate from Change Tracking & Inventory with LA agent to Change Tracking & Inventory with AMA and there are two ways to do this migration: 
 
-- Migrate single/multiple VMs from the Virtual Machines page.
-- Migrate multiples VMs on LA version solution within a particular Automation Account.
+- Migrate single/multiple machines from the Azure Virtual Machines page or Machines-Azure Arc page.
+- Migrate multiple Virtual Machines on LA version solution within a particular Automation Account.
+
+Additionally, you can use a script to migrate all Virtual Machines and Arc-enabled non-Azure machines at a Log Analytics workspace level from LA version solution to Change Tracking and Inventory with AMA. This isn't possible using the Azure portal experience mentioned above.
+
+The script allows you to also migrate to the same workspace. If you are migrating to the same workspace then, the script will remove the LA(MMA/OMS) Agent from your machines. This may cause the other solutions to stop working. We therefore, recommend that you plan the migration accordingly. For example, first migrate other solution and then proceed with Change Tracking migration.
+
+> [!NOTE]
+> The removal doesn't work on MMA agents that were installed using the MSI installer. It only works on VM/Arc VM extensions.
+
 
 > [!NOTE]
 > File Integrity Monitoring (FIM) using [Microsoft Defender for Endpoint (MDE)](/azure/defender-for-cloud/file-integrity-monitoring-enable-defender-endpoint) is now currently available. Follow the guidance to migrate from:
@@ -74,79 +82,61 @@ To onboard through Azure portal, follow these steps:
 
 1. Select the specific Arc machine with Change Tracking V1 enabled that needs to be migrated to Change Tracking V2.
 
-1. Select **Migrate to Change Tracking with AMA** and in the **Configure with Azure monitor agent**,  provide the resource id in the **Log analytics workspace** and select **Migrate** to initiate the deployment.
+1. Select **Migrate to Change Tracking with AMA** and in the **Configure with Azure monitor agent**,  provide the resource ID in the **Log analytics workspace** and select **Migrate** to initiate the deployment.
 
    :::image type="content" source="media/guidance-migration-log-analytics-monitoring-agent/onboarding-single-arc-vm.png" alt-text="Screenshot of onboarding a single Arc VM to Change tracking and inventory using Azure monitoring agent." lightbox="media/guidance-migration-log-analytics-monitoring-agent/onboarding-single-arc-vm.png":::
 
 1. Select **Manage Activity log connection** to evaluate the incoming events and logs across LA agent and AMA version.
 
-### [Arc-enabled VMs - PowerShell script](#tab/ps-policy)
-
-To onboard Arc-enabled VMs, follow the steps:
+### [Log Analytics Workspace - PowerShell Script ](#tab/ps-policy)
 
 #### Prerequisites
 
-- Ensure you have PowerShell installed. The latest version of PowerShell 7 or higher is recommended. Follow the steps to [Install PowerShell on Windows, Linux, and macOS](/powershell/scripting/install/installing-powershell).
-- Obtain Read access for the specified workspace resources.
+- Ensure you have PowerShell installed on the machine where you are planning to execute the script.
+    - The script cannot be executed on Azure Cloud Shell.
+    -  The latest version of PowerShell 7 or higher is recommended. Follow the steps to [Install PowerShell on Windows, Linux, and macOS](/powershell/scripting/install/installing-powershell).
+- Obtain Write access for the specified workspace and machine resources.
 - [Install the latest version of the Az PowerShell module](/powershell/azure/install-azure-powershell). The **Az.Accounts** and **Az.OperationalInsights** modules are required to pull workspace agent configuration information.
 - Ensure you have Azure credentials to run `Connect-AzAccount` and `Select-AzContext` which set the script's context.
-Follow these steps to migrate using scripts.
+
+Follow these steps to migrate using scripts:
 
 #### Migration guidance
 
-1. Install the [script](https://github.com/mayguptMSFT/AzureMonitorCommunity/blob/master/Azure%20Services/Azure%20Monitor/Agents/Migration%20Tools/DCR%20Config%20Generator/CTDcrGenerator/CTWorkSpaceSettingstoDCR.ps1) and run it to conduct migrations. The script does the following:
+- The [script](https://github.com/Azure/ChangeTrackingAndInventory/blob/main/MigrateToChangeTrackingAndInventoryUsingAMA/CTAndIMigrationFromMMAToAMA.ps1) will migrate all Azure Machines and Arc enabled Non-Azure Machines onboarded to LA Agent Change Tracking solution for the Input Log Analytics Workspace to the Change Tracking using AMA agent for the Output Log Analytics Workspace. 
 
-    1. It ensures the new workspace resource ID is different from the one associated with the Change Tracking and Inventory using the LA version.
+- The script provides the ability to migrate using the same workspace, that is Input and Output Log Analytics Workspaces are the same. However, it will then remove the LA (MMA/OMS) agents from the machines.
 
-    1. It migrates the settings for the following data types:
-       - Windows Services
-       - Linux Files
-       - Windows Files
-       - Windows Registry
-       - Linux Daemons
+- The script migrates the settings for the following data types:
+    - Windows services
+    - Linux files
+    - Windows files
+    - Windows registry
+    - Linux Daemons
       
-    1. The script consists of the following **Parameters**  that require an input from you. 
-
-      **Parameter** | **Required** | **Description** |
-      --- | --- | --- |
-      `InputWorkspaceResourceId`| Yes | Resource ID of the workspace associated with Change Tracking & Inventory with Log Analytics. |
-      `OutputWorkspaceResourceId`| Yes | Resource ID of the workspace associated with Change Tracking & Inventory with Azure Monitoring Agent. |
-      `OutputDCRName`| Yes | Custom name of the new DCR created. |
-      `OutputDCRLocation`| Yes | Azure location of the output workspace ID. |
-      `OutputDCRTemplateFolderPath`| Yes | Folder path where DCR templates are created. |
-
-1. A DCR template is generated when you run the above script and the template is available in `OutputDCRTemplateFolderPath`. You have to associate the new DCR to transfer the settings to the Change Tracking and Inventory using AMA.
-
-   1. Sign in to [Azure portal](https://portal.azure.com) and go to **Monitor** and under **Settings**, select **Data Collection Rules**.
-   1. Select the data collection rule that you have created in Step 1 from the listing page.
-   1. In the data collection rule page, under **Configurations**, select **Resources** and then select **Add**.
-   1. In the Select a scope, from Resource types, select Machines-Azure Arc that is connected to the subscription and then select Apply to associate the ctdcr created in Step 1 to the Arc-enabled machine and it will also install the Azure Monitoring Agent extension. For more information, see [Enable Change Tracking and Inventory - for Arc-enabled VMs - using portal/CLI](enable-vms-monitoring-agent.md#enable-change-tracking-and-inventory).
- 
-   Install the Change Tracking extension as per the OS type for the Arc-enabled VM.
-    
-   **Linux**
-       
-   ```azurecli
-   az connectedmachine extension create  --name ChangeTracking-Linux  --publisher Microsoft.Azure.ChangeTrackingAndInventory --type-handler-version 2.20  --type ChangeTracking-Linux  --machine-name XYZ --resource-group XYZ-RG  --location X --enable-auto-upgrade
-   ```
-
-   **Windows**
-
-   ```azurecli
-   az connectedmachine extension create  --name ChangeTracking-Windows  --publisher Microsoft.Azure.ChangeTrackingAndInventory --type-handler-version 2.20  --type ChangeTracking-Windows  --machine-name XYZ --resource-group XYZ-RG  --location X --enable-auto-upgrade
-   ```   
-
-   If the CT logs table schema does not exist, the script mentioned in Step 1 will fail. To troubleshoot, run the following script - 
-
-    ```azurepowershell-interactive
-
-    $psWorkspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroup -Name $laws
- 	 # Enabling CT solution on LA ws
-	 New-AzMonitorLogAnalyticsSolution -Type ChangeTracking -ResourceGroupName $resourceGroup -Location $psWorkspace.Location -WorkspaceResourceId $psWorkspace.ResourceId
-    ```
+- The script consists of the following **Parameters**  that require an input from you. 
+
+   **Parameter** | **Required** | **Description** |
+   --- | --- | --- |
+   `InputLogAnalyticsWorkspaceResourceId`| Yes | Resource ID of the workspace associated with Change Tracking & Inventory with Log Analytics. |
+   `OutputLogAnalyticsWorkspaceResourceId`| Yes | Resource ID of the workspace associated with Change Tracking & Inventory with Azure Monitoring Agent. |
+   `OutputDCRName`| Yes | Custom name of the new DCR to be created. |
+   `OutputVerbose`| No | Optional. Input $true for verbose logs. |
+   `AzureEnvironment`| Yes | Folder path where DCR templates are created. |
+
+- In Details, the script does the following:
+
+   1. Get list of all Azure and Arc Onboarded Non-Azure machines onboarded to Input Log Analytics Workspace for Change Tracking solution using MMA Agent. 
+   1. Create the Data Collection Rule (DCR) ARM template by fetching the files, services, tracking & registry settings configured in the legacy solution and translating them to equivalent settings for the latest solution using AMA Agent and Change Tracking Extensions for the Output Log Analytics Workspace. 
+   1. Deploy Change Tracking solution ARM template to Output Log Analytics Workspace. This is done only if migration to the same workspace is not done. The output workspace requires the legacy solution to create the log analytics tables for Change Tracking like ConfigurationChange & ConfigurationData. The deployment name will be DeployCTSolution_CTMig_{GUID} and it will be in same resource group as Output Log Analytics Workspace. 
+   1. Deploy the DCR ARM template created in Step 2. The deployment name will be OutputDCRName_CTMig_{GUID} and it will be in same resource group as Output Log Analytics Workspace. The DCR will be created in the same location as the Output Log Analytics Workspace. 
+   1. Removes MMA Agent from machines list populated in Step 1. This is done only if migration to the same workspace is carried out. Machines which have the MMA agent installed via the MSI, will not have the MMA agent removed. It will be removed only if the MMA Agent was installed as an extension. 
+   1. Assign DCR to machines and install AMA Agent and CT Extensions. The deployment name of it will be MachineName_CTMig and it will be in same resource group as the machine. 
+       - Assign the DCR deployed in Step 4 to all machines populated in Step 1. 
+       - Install the AMA Agent to all machines populated in Step 1.  
+       - Install the CT Agent to all machines populated in Step 1. 
 ---
 
-
 ### Compare data across Log analytics Agent and Azure Monitoring Agent version
 
 After you complete the onboarding to Change tracking with AMA version, select **Switch to CT with AMA** on the landing page to switch across the two versions and compare the following events.
@@ -175,17 +165,13 @@ To obtain the Log Analytics Workspace resource ID, follow these steps:
 
 **For single VM and Automation Account**
 
-1. 100 VMs per Automation Account can be migrated in one instance.
-1. Any VM with > 100 file/registry settings for migration via portal isn't supported now.
-1. Arc VM migration isn't supported with portal, we recommend that you use PowerShell script migration.
 1. For File Content changes-based settings, you have to migrate manually from LA version to AMA version of Change Tracking & Inventory. Follow the guidance listed in [Track file contents](manage-change-tracking-monitoring-agent.md#configure-file-content-changes).
-1. Alerts that you configure using the Log Analytics Workspace must be [manually configured](configure-alerts.md).
+1. If migration to different workspace is carried out, then alerts configured using the Log Analytics Workspace must be [manually configured](configure-alerts.md).
 
 ### [Using PowerShell script](#tab/limit-policy)
 
-1. For File Content changes-based settings, you must migrate manually from LA version to AMA version of Change Tracking & Inventory. Follow the guidance listed in [Track file contents](manage-change-tracking.md#track-file-contents).
-1. Any VM with > 100 file/registry settings for migration via Azure portal isn't supported.
-1. Alerts that you configure using the Log Analytics Workspace must be [manually configured](configure-alerts.md).
+1. For File Content changes-based settings, you have to migrate manually from LA version to AMA version of Change Tracking & Inventory. Follow the guidance listed in [Track file contents](manage-change-tracking-monitoring-agent.md#configure-file-content-changes).
+1. If migration to different workspace is carried out, then alerts configured using the Log Analytics Workspace must be [manually configured](configure-alerts.md).
 
 ---
 
