Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Get Azure VM and VM Scale Set recommendations based on workload, performance, and budget needs.
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
workflows/essential-machine-management/references/emm-overview.md
1# EMM Overview2Essential Machine Management (EMM) simplifies onboarding and configuration of management for Azure VMs and Arc-enabled servers at the subscription level.4## What is EMM?6When you enable a subscription for EMM, all VMs and Arc-enabled servers in that subscription are automatically enrolled and configured with a curated set of management features. Any new VMs added to the subscription are also automatically enrolled.8## Features Included10### Essentials Tier (Always Enabled)12| Feature | Description |14| ------- | ----------- |15| Azure Monitor VM Insights | Monitors VM performance and health, configures metric-based recommended alerts |16| Azure Update Manager | Automates OS update deployment |17| Azure Machine Configuration | Audits Azure security baseline policy |18| Change Tracking & Inventory | Tracks VM configuration changes, maintains resource inventory |19### Security Tier (Optional Add-ons)21| Feature | Description | Cost |23| ------- | ----------- | ---- |24| Foundational CSPM | Agentless, risk-prioritized security posture insights | Free |25| Defender CSPM | Advanced CSPM with attack path analysis | Paid |26| Defender for Cloud | EDR, vulnerability management, file integrity monitoring, threat detection | Paid |27## Pricing29- **Azure VMs:** Essentials tier features at no extra charge31- **Arc-enabled servers with Windows Server SA/PayGo/ESU:** No extra charge32- **Other Arc-enabled servers:** $9/server/month once billing is enabled (future date, currently free in preview)33- **Change Tracking & Inventory logs:** Incur separate Log Analytics ingestion charges34- **Security tier add-ons:** Standard Microsoft Defender pricing applies35## Key Characteristics37- **Subscription-level scope:** Enables for all VMs in a subscription at once39- **No VM exclusion:** Currently no ability to exclude individual VMs40- **Existing services preserved:** If a VM already has Update Manager with a maintenance schedule, it keeps that schedule41- **REST API available:** Official docs focus on the portal experience, but a REST API (`Microsoft.ManagedOps`) is available and used by the Copilot-guided flow42- **Resource type:** `Microsoft.ManagedOps/ManagedOps`43## Documentation Links45- [Essential Machine Management (Preview)](https://learn.microsoft.com/en-us/azure/operations/configuration-enrollment)47- [Troubleshoot EMM](https://learn.microsoft.com/en-us/azure/operations/configuration-enrollment-troubleshoot)48