Azure Monitor Agent – the new unified client that is replacing MMA (or the Log Analytics agent) – has, up to now, been considered a server agent because of its dependency of the Arc agent. It’s not that AMA wouldn’t install and work on a Windows 10 or Windows 11 workstation, it’s just that it was not supported and would not install without the Arc agent. And it wasn’t really a technical barrier, but instead there were checks and balances in the Windows Installer (MSI) file that verified the existence of the Arc agent before it would install.
Well, that is now changing. Those checks and balances have now been removed.
In public preview, there’s a new MSI file that allows the installation of the AMA on any Windows 10 or Windows 11 system.
This is a huge development for Microsoft Sentinel customers as they can deploy this new agent and take advantage of all its new capabilities, and plan for replacing the old MMA sooner.
NOTE: The Microsoft Sentinel experience has not caught up quite yet. The agent download is not yet available in the Sentinel console and it still says that the Arc client is required. Use the following link to download and test the updated client.
The following link contains all the information, including the download link: Azure Monitor agent on Windows client devices (Preview)
Would you rather hear about this instead of read about it? Check the accompanying Security Rodcast…
=========================
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Weekly Microsoft Defender Newsletter]
[Learn KQL with the Must Learn KQL series and book]
You must log in to post a comment.