Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Select, configure, and scale Azure compute resources—VMs, App Service, AKS, and Container Apps
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
workflows/essential-machine-management/references/emm-overview.md
1# EMM Overview2Essential Machine Management (EMM) simplifies onboarding and configuration of management for Azure VMs and Arc-enabled servers at the subscription level.4## What is EMM?6When you enable a subscription for EMM, all VMs and Arc-enabled servers in that subscription are automatically enrolled and configured with a curated set of management features. Any new VMs added to the subscription are also automatically enrolled.8## Features Included10### Essentials Tier (Always Enabled)12| Feature | Description |14| ------- | ----------- |15| Azure Monitor VM Insights | Monitors VM performance and health, configures metric-based recommended alerts |16| Azure Update Manager | Automates OS update deployment |17| Azure Machine Configuration | Audits Azure security baseline policy |18| Change Tracking & Inventory | Tracks VM configuration changes, maintains resource inventory |19### Security Tier (Optional Add-ons)21| Feature | Description | Cost |23| ------- | ----------- | ---- |24| Foundational CSPM | Agentless, risk-prioritized security posture insights | Free |25| Defender CSPM | Advanced CSPM with attack path analysis | Paid |26| Defender for Cloud | EDR, vulnerability management, file integrity monitoring, threat detection | Paid |27## Pricing29- **Azure VMs:** Essentials tier features at no extra charge31- **Arc-enabled servers with Windows Server SA/PayGo/ESU:** No extra charge32- **Other Arc-enabled servers:** $9/server/month once billing is enabled (future date, currently free in preview)33- **Change Tracking & Inventory logs:** Incur separate Log Analytics ingestion charges34- **Security tier add-ons:** Standard Microsoft Defender pricing applies35## Key Characteristics37- **Subscription-level scope:** Enables for all VMs in a subscription at once39- **No VM exclusion:** Currently no ability to exclude individual VMs40- **Existing services preserved:** If a VM already has Update Manager with a maintenance schedule, it keeps that schedule41- **REST API available:** Official docs focus on the portal experience, but a REST API (`Microsoft.ManagedOps`) is available and used by the Copilot-guided flow42- **Resource type:** `Microsoft.ManagedOps/ManagedOps`43## Documentation Links45- [Essential Machine Management (Preview)](https://learn.microsoft.com/en-us/azure/operations/configuration-enrollment)47- [Troubleshoot EMM](https://learn.microsoft.com/en-us/azure/operations/configuration-enrollment-troubleshoot)48