Remove Azure ‘Monitored Object’

May 5, 2023 Azure No comments

When installing the Azure Monitor agent on Windows client devices, you are required to create a ‘Monitored Object’. This creates a representation for the Azure AD tenant within Azure Resource Manager (ARM). This ARM entity is what Data Collection Rules are then associated with. This Monitored Object needs to be created only once for any number of machines in a single AAD tenant.

The provided Powershell script in the MS Learn article will help you add the required role to the account you’re using to perform this operation. This is provided you granted “Elevate access to manage all Azure subscriptions and management groups“. If you ommited that step, you will receive an error executing the script. If you try to manually add that role to your account, you’ll find that this role does not exist in the Azure Portal list or RBAC roles. This needs to be done through REST API or Powershell

Furthermore it will create the ‘Monitored Object’ as mentioned in the beginning of the article. This is were you need to pay attention to the variables at the different sections in the script. If you, like me, assumed all variables were at the beginning of the script, you’ll find yourself creating the ‘Monitored Object’ in location ‘eastus‘, which is the default location. This is were my search began to remove an Azure Monitored Object. This object does not ‘live’ in the visible area of the Azure Portal.

In order to remove this ‘Monitored Oject’, you need to open the Azure API Playground. An application like ‘Postman‘ would do the same. But this link will just work fine, if playing around with REST API is not your daily routine.

To remove both the ‘Association’ and ‘Monitored object (in that order), create a request at the API Playground. Use ‘Get’ to display current objects and ‘Delete’ to delete them. Replace the variable in the lines of code below with the ones you have used.

providers/Microsoft.Insights/monitoredObjects/%TenantID%/providers/Microsoft.Insights/dataCollectionRuleAssociations/%assocvariable%?api-version=2021-09-01-preview

Select ‘Delete’ in the dropdown box and the above line of code in the box next to it and hit ‘Execute’

and do the same for:

providers/Microsoft.Insights/monitoredObjects/%TenantID%?api-version=2021-09-01-preview

When both objects are deleted, you can rerun the script with the correct variables.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.