MicrosoftDocs
diff --git a/‎articles/azure-change-tracking-inventory/TOC.yml‎
Lines changed: 28 additions & 0 deletions b/‎articles/azure-change-tracking-inventory/TOC.yml‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎articles/azure-change-tracking-inventory/change-tracking-inventory-support-matrix.md‎
Lines changed: 182 additions & 0 deletions b/‎articles/azure-change-tracking-inventory/change-tracking-inventory-support-matrix.md‎
Lines changed: 182 additions & 0 deletions
diff --git a/‎articles/azure-change-tracking-inventory/create-data-collection-rule.md‎
Lines changed: 56 additions & 0 deletions b/‎articles/azure-change-tracking-inventory/create-data-collection-rule.md‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎articles/azure-change-tracking-inventory/disable-azure-change-tracking-inventory-monitoring-agent.md‎
Lines changed: 52 additions & 0 deletions b/‎articles/azure-change-tracking-inventory/disable-azure-change-tracking-inventory-monitoring-agent.md‎
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,28 @@
+- name: Azure Change Tracking and Inventory documentation
+  href: index.yml
+- name: Overview
+  href: overview-monitoring-agent.md
+- name: Get started  
+  items:
+    - name: Azure Change Tracking and Inventory release notes
+      href: extension-version-details.md
+    - name: Support matrix for Azure Change Tracking and Inventory
+      href: change-tracking-inventory-support-matrix.md
+- name: Quickstarts
+  items:
+    - name: Enable Azure Change Tracking and Inventory
+      href: quickstart-monitor-changes-collect-inventory-azure-change-tracking-inventory.md
+- name: Tutorials
+  items:
+    - name: Change a workspace and configure Data Collection Rule
+      href: tutorial-change-workspace-configure-data-collection-rule.md
+- name: Manage Change Tracking and Inventory
+  items:
+    - name: Create Data Collection Rule
+      href: create-data-collection-rule.md
+    - name: Enable Azure CTI at scale using Azure portal
+      href: enable-change-tracking-at-scale-machines-blade.md
+    - name: Enable Azure CTI at scale using Azure policy
+      href: enable-change-tracking-at-scale-policy.md
+    - name: Disable Change Tracking and Inventory
+      href: disable-azure-change-tracking-inventory-monitoring-agent.md
@@ -0,0 +1,182 @@
+---
+title: Azure Change Tracking and Inventory Support matrix
+description: Get a summary of support settings and limitations for enabling Azure CTI and tracking changes.
+services: automation
+ms.date: 11/06/2025
+ms.topic: overview
+ms.service: azure-change-tracking-inventory
+ms.author: v-jasmineme
+author: jasminemehndir
+#customer intent: As a customer, I want to understand the supported operating systems and identify the supported regions for Azure Change Tracking and Inventory so that I can ensure compatibility with my environment.
+---
+
+# Support matrix and regions for Azure Change Tracking and Inventory
+
+Azure Change Tracking and Inventory (CTI) monitors changes and provide inventory logs for servers across Azure, on-premises, and other cloud environments. This article summarizes support settings and limitations when you enable Azure CTI and track changes. It also provides information about the supported regions and mappings for Azure CTI using Azure Monitoring Agent.
+
+## Support matrix
+
+|**Component**| **Applies to**|
+|---|---|
+|Operating systems| Windows </br> Linux | 
+|Resource types | Azure VMs </br> Azure Arc-enabled VMs </br> Virtual machines scale set|
+|Data types | Windows registry </br> Windows services </br> Linux Daemons </br> Files </br> Software
+
+## Limits
+
+The following table shows the tracked item limits per machine for Azure CTI.
+
+| **Resource** | **Limit**| **Notes** |
+|---|---|---|
+|File|500||
+|File size|5 MB||
+|Registry|250||
+|Windows software|250|Doesn't include software updates.|
+|Linux packages|1,250||
+|Windows Services |250||
+|Linux Daemons | 250|| 
+
+## Supported operating systems
+
+Azure CTI is supported on all operating systems that meet Azure Monitor agent requirements. See [supported operating systems](/azure/azure-monitor/agents/agents-overview#supported-operating-systems) for a list of the Windows and Linux operating system versions that are currently supported by the Azure Monitor agent.
+
+To understand client requirements for TLS, see [TLS for Azure Automation](../automation/automation-managing-data.md#tls-for-azure-automation).
+
+## Recursion support
+
+Azure CTI supports recursion, which allows you to specify wildcards to simplify tracking across directories. Recursion also provides environment variables to allow you to track files across environments with multiple or dynamic drive names. The following list includes common information you should know when configuring recursion:
+
+- Wildcards are required for tracking multiple files.
+
+- You can use wildcards only in the last segment of a file path, for example, **c:\folder\\file*** or **/etc/*.conf**.
+
+- If an environment variable has an invalid path, validation succeeds but the path fails during execution.
+
+- You should avoid general path names when setting the path, as this type of setting can cause too many folders to be traversed.
+
+## Change Tracking and Inventory data collection
+
+The next table shows the data collection frequency for the types of changes supported by Azure CTI. Inventory logs will be populated every 10 hours by default for all data types. Additionally, when there is a change registered for any of the data types, the inventory and change logs will be generated for this instance.
+
+| **Change Type** | **Frequency** |
+| --- | --- |
+| Windows registry | 50 minutes |
+| Windows file | 30 to 40 minutes |
+| Linux file | 15 minutes |
+| Windows services | 10 minutes to 30 minutes</br> Default: 30 minutes |
+| Windows software | 30 minutes |
+| Linux software | 5 minutes |
+| Linux Daemons | 5 minutes | 
+
+The following table shows the tracked item limits per machine for Azure CTI.
+
+| **Resource** | **Limit** |
+|---|---|
+|File|500|
+|Registry|250|
+|Windows software (not including hotfixes) |250|
+|Linux packages|1250|
+|Windows Services | 250 |
+|Linux Daemons| 500| 
+
+### Windows services data
+
+#### Prerequisites
+
+To enable tracking of Windows Services data, you must upgrade CT extension and use extension more than or equal to 2.11.0.0
+
+#### For Windows Azure VMs
+
+```powershell-interactive
+- az vm extension set --publisher Microsoft.Azure.ChangeTrackingAndInventory --version 2.11.0 --ids /subscriptions/<subscriptionids>/resourceGroups/<resourcegroupname>/providers/Microsoft.Compute/virtualMachines/<vmname> --name ChangeTracking-Windows --enable-auto-upgrade true
+```
+#### For Linux Azure VMs
+
+```powershell-interactive
+– az vm extension set --publisher Microsoft.Azure.ChangeTrackingAndInventory --version 2.11.0 --ids /subscriptions/<subscriptionids>/resourceGroups/<resourcegroupname>/providers/Microsoft.Compute/virtualMachines/<vmname> --name ChangeTracking-Linux --enable-auto-upgrade true
+```
+#### For Arc-enabled Windows VMs
+
+```powershell-interactive
+– az connectedmachine extension create --name ChangeTracking-Windows --publisher Microsoft.Azure.ChangeTrackingAndInventory --type ChangeTracking-Windows --machine-name <arc-server-name> --resource-group <resource-group-name> --location <arc-server-location> --enable-auto-upgrade true
+```
+
+#### For Arc-enabled Linux VMs
+
+```powershell-interactive
+- az connectedmachine extension create --name ChangeTracking-Linux --publisher Microsoft.Azure.ChangeTrackingAndInventory --type ChangeTracking-Linux --machine-name <arc-server-name> --resource-group <resource-group-name> --location <arc-server-location> --enable-auto-upgrade true
+```
+
+#### Configure frequency
+
+The default collection frequency for Windows services is 30 minutes. To configure the frequency, under **Edit** Settings, use a slider on the **Windows services** tab.
+
+:::image type="content" source="media/overview-monitoring-agent/frequency-slider-inline.png" alt-text="Screenshot of frequency slider." lightbox="media/overview-monitoring-agent/frequency-slider-expanded.png":::
+
+## Current limitations
+
+Azure CTI using Azure Monitoring Agent doesn't support or has the following limitations:
+
+- Recursion for Windows registry tracking
+- Currently, only the HKEY_LOCAL_MACHINE is supported. You will encounter this limitation whenever you manually add the registry key.
+- Network file systems
+- Different installation methods
+- ***.exe** files stored on Windows
+- The **Max File Size** column and values are unused in the current implementation.
+- If you are tracking file changes, it is limited to a file size of 5 MB or less. 
+- If the file size appears >1.25MB, then FileContentChecksum is incorrect due to memory constraints in the checksum calculation.
+- If you try to collect more than 2500 files in a 30-minute collection cycle, Azure CTI performance might be degraded.
+- If network traffic is high, change records can take up to six hours to display.
+- If you modify a configuration while a machine or server is shut down, it might post changes belonging to the previous configuration.
+- Collecting Hotfix updates on Windows Server 2016 Core RS3 machines.
+- Linux daemons might show a changed state even though no change has occurred. This issue arises because of how the `SvcRunLevels` data in the Azure Monitor [ConfigurationChange](/azure/azure-monitor/reference/tables/configurationchange) table is written. 
+- Change Tracking extension doesn't support any hardening standards for any Linux operating systems or Distros.
+- Change Tracking extension doesn't support inventory for Microsoft store applications for any Windows operating systems or Distros.
+
+
+## Support for alerts on configuration state
+
+A key capability of Azure CTI is alerting on changes to the configuration state of your hybrid environment. Many useful actions are available to trigger in response to alerts. For example, actions on Azure functions, Automation runbooks, webhooks, and the like. Alerting on changes to the **c:\windows\system32\drivers\etc\hosts** file for a machine is one good application of alerts for Azure CTI data. There are many more scenarios for alerting as well, including the query scenarios defined in the next table.
+
+|Query  |Description  |
+|---------|---------|
+|ConfigurationChange <br>&#124; where ConfigChangeType == "Files" and FileSystemPath contains " c:\\windows\\system32\\drivers\\"|Useful for tracking changes to system-critical files.|
+|ConfigurationChange <br>&#124; where FieldsChanged contains "FileContentChecksum" and FileSystemPath == "c:\\windows\\system32\\drivers\\etc\\hosts"|Useful for tracking modifications to key configuration files.|
+|ConfigurationChange <br>&#124; where ConfigChangeType == "WindowsServices" and SvcName contains "w3svc" and SvcState == "Stopped"|Useful for tracking changes to system-critical services.|
+|ConfigurationChange <br>&#124; where ConfigChangeType == "Daemons" and SvcName contains "ssh" and SvcState!= "Running"|Useful for tracking changes to system-critical services.|
+|ConfigurationChange <br>&#124; where ConfigChangeType == "Software" and ChangeCategory == "Added"|Useful for environments that need locked-down software configurations.|
+|ConfigurationData <br>&#124; where SoftwareName contains "Monitoring Agent" and CurrentVersion!= "8.0.11081.0"|Useful for seeing which machines have outdated or noncompliant software version installed. This query reports the last reported configuration state, but doesn't report changes.|
+|ConfigurationChange <br>&#124; where RegistryKey == @"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat"| Useful for tracking changes to crucial antivirus keys.|
+|ConfigurationChange <br>&#124; where RegistryKey contains @"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy"| Useful for tracking changes to firewall settings.|
+
+## Supported regions and mappings for Change Tracking and Inventory with Azure Monitoring Agent
+
+The following table lists the supported regions and mappings:
+
+|**Geography**| **Monitoring Agent workspace region**|
+|---| ---|
+|**Asia Pacific**| East Asia </br> Southeast Asia|
+|**Australia**| Australia East </br> Australia Southeast |
+|**Brazil**| Brazil South|
+|**Canada**| Canada Central|
+|**Europe**| North Europe </br> West Europe|
+|**France**| France Central|
+|**Germany** | Germany West Central|
+|**India**| Central India|
+|**Italy**| Italy North|
+|**Japan**| Japan East|
+|**Korea**| Korea Central|
+|**Norway**| Norway East|
+|**Spain**| Spain Central|
+|**Sweden** | Sweden Central|
+|**Switzerland**| Switzerland North|
+|**United Arab Emirates**| UAE North|
+|**United Kingdom**| UK South|
+|**US Gov** <sup>1</sup>| US Gov Virginia </br> US Gov Arizona |
+|**US**| East US</br> East US2</br> West US </br> West US2 </br> North Central US </br> Central US </br> South Central US </br> West Central US|
+
+<sup>1</sup> Currently, onboarding is supported only through the Azure portal.
+
+## Next steps
+
+To enable Azure CTI from the Azure portal, see [Quickstart: Enable Azure Change Tracking and Inventory](/azure/azure-change-tracking-inventory/quickstart-monitor-changes-collect-inventory-azure-change-tracking-inventory).
@@ -0,0 +1,56 @@
+---
+title: Create Data Collection Rule for Azure Change Tracking and Inventory
+description: Learn how to create a data collection rule (DCR) for Azure Change Tracking and Inventory.
+#customer intent: As a customer, I want to create a Data Collection Rule (DCR) for Azure Change Tracking and Inventory so that I can collect and manage data effectively.
+services: automation
+ms.date: 11/06/2025
+ms.topic: how-to
+ms.service: azure-change-tracking-inventory
+ms.author: v-jasmineme
+author: jasminemehndir
+ms.custom: sfi-image-nochange
+---
+
+# Create data collection rule for Azure Change Tracking and Inventory
+
+When you enable Change Tracking in the Azure portal using the Azure Monitoring Agent (AMA), the process automatically creates a Data Collection Rule (DCR). This rule will appear in the resource group with a name in the format ct-dcr-aaaaaaaaa. After the rule is created, add the required resources.
+
+This article explains how to explicitly create a Data Collection Rule for Azure Change Tracking and Inventory (CTI).
+
+To enable Azure CTI from the Azure portal, see [Quickstart: Enable Azure Change Tracking and Inventory](quickstart-monitor-changes-collect-inventory-azure-change-tracking-inventory.md).
+
+## Create DCR
+
+A DCR defines what data to collect from sources, how to transform it, and where to send it (like Log Analytics).
+
+To create a DCR, follow these steps: 
+
+1. Download [CtDcrCreation.json](../automation/change-tracking/change-tracking-data-collection-rule-creation.md) file on your machine.
+1. Sign in to the [Azure portal](https://portal.azure.com) and in the search bar, enter *Deploy a custom template*.
+1. On the **Custom deployment** pane > **select a template** tab > select **Build your own template in the editor**.
+   :::image type="content" source="media/create-data-collection-rule/build-template.png" alt-text="Screenshot to get started with building a template.":::
+1. Select **Save** to proceed to the next tab.
+1. On the **Basics** tab > select **Edit template**, select **Load file** to upload the *CtDcrCreation.json* file.
+1. Select **Save**.
+1. On the **Basics** tab, provide **Subscription** and **Resource group** where you want to deploy the Data Collection Rule. The **Data Collection Rule Name** is optional.
+
+   :::image type="content" source="media/create-data-collection-rule/build-template-basics.png" alt-text="Screenshot to provide subscription and resource group details to deploy data collection rule.":::
+   
+   >[!NOTE]
+   >- The resource group must be same as the resource group associated with the Log Analytic workspace ID chosen here.
+   >- Ensure that the name of your Data Collection Rule is unique in that resource group, else the deployment will overwrite the existing Data Collection Rule.
+   >- The Log Analytics Workspace Resource ID specifies the Azure resource ID of the Log Analytics workspace used to store change tracking data. Ensure that location of workspace is from the [Change tracking supported regions](../automation/how-to/region-mappings.md)
+
+1. Select **Next : Review + create >**.
+1. On the **Review + create** tab > Select **Create** to initiate the deployment of *CtDcrCreation*.
+1. After the deployment is complete, select **CtDcr-Deployment** to see the DCR Name. Use the **Resource ID** of the newly created Data Collection Rule for Azure CTI deployment through policy.
+ 
+   :::image type="content" source="media/create-data-collection-rule/deployment-confirmation.png" alt-text="Screenshot of deployment notification.":::
+
+> [!NOTE]
+> After creating the Data Collection Rule using the Azure Monitoring Agent's change tracking schema, ensure that you don't add any Data Sources to this rule. This can cause Azure CTI to fail. You must only add new Resources in this section.
+
+## Next steps
+
+- For detailed information on how to create the DCR, see [Create DCR](../azure-change-tracking-inventory/create-data-collection-rule.md).
+- To troubleshoot general problems with the feature, see [Troubleshoot Azure CTI issues](../automation/troubleshoot/change-tracking.md).
@@ -0,0 +1,52 @@
+---
+title: Disable Change Tracking and Inventory in Azure using Azure Monitoring Agent
+description: Learn how to disable Change Tracking and Inventory using Azure Monitoring Agent (AMA) from your Azure virtual machines.
+#customer intent: As a customer, I want to disassociate a Data Collection Rule (DCR) from a virtual machine so that I can disable its association with Change Tracking.
+services: automation
+ms.custom: linux-related-content
+ms.date: 11/06/2025
+ms.topic: how-to
+ms.service: azure-change-tracking-inventory
+ms.author: v-jasmineme
+author: jasminemehndir
+---
+
+# Disable Change Tracking and Inventory with Azure Monitoring Agent
+
+**Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: Windows Registry :heavy_check_mark: Windows Files :heavy_check_mark: Linux Files :heavy_check_mark: Windows Software
+
+This article describes how to disable change tracking and inventory with AMA.
+
+## Disable Change Tracking from a VM
+
+To disable change tracking with Azure Monitoring Agent from a virtual machine, you must first disassociate the DCR and then uninstall Azure CTI. Follow these steps:
+
+### Disassociate Data Collection Rule (DCR) from a VM
+
+To disassociate DCR from a VM, follow these steps:
+
+1. Sign in to the [Azure portal](https://portal.azure.com), select **Virtual Machines** and in the search bar, select the specific Virtual Machine. 
+1. On the **Virtual Machine** pane, under **Operations**, select **Change tracking**. Alternatively, in the search bar, enter **Change tracking** and select it from the results.
+1. Select **Settings** > **DCR** to view all the virtual machines associated with the DCR.
+1. Select the VM for which you want to disable the DCR.
+1. Select **Delete**.
+
+   :::image type="content" source="media/disable-azure-change-tracking-monitoring-agent/disable-data-collection-rule-inline.png" alt-text="Screenshot of selecting a VM to dissociate the DCR from the VM." lightbox="media/disable-azure-change-tracking-monitoring-agent/disable-data-collection-rule-expanded.png":::
+
+   A notification appears asking to confirm the disassociation of the DCR for the selected VM.
+
+### Uninstall change tracking extension
+
+To uninstall change tracking extension, follow these steps:
+
+1. Sign in to the [Azure portal](https://portal.azure.com), select **Virtual Machines** and in the search bar, select the VM for which you have already disassociated the DCR.
+1. On the **Virtual Machines** pane, under **Settings**, select **Extensions + applications**.
+1. On the **VM |Extensions + applications** pane, under **Extensions** tab, select **MicrosoftAzureChangeTrackingAndInventoryChangeTracking-Windows/Linux**.
+
+   :::image type="content" source="media/disable-azure-change-tracking-monitoring-agent/uninstall-extensions-inline.png" alt-text="Screenshot of selecting the extension for a VM that is already disassociated from the DCR." lightbox="media/disable-azure-change-tracking-monitoring-agent/uninstall-extensions-expanded.png":::
+
+1. Select **Uninstall**.
+
+## Next steps
+
+To learn how to migrate from CTI using Log Analytics version to the Azure Monitoring Agent version, see [Migrate from Change Tracking and Inventory using Log Analytics to Azure Monitoring Agent](../automation/change-tracking/guidance-migration-log-analytics-monitoring-agent.md).