Manage Network Watcher Agent virtual machine extension for Windows
Artikkeli
The Network Watcher Agent virtual machine extension is a requirement for some of Azure Network Watcher features that capture network traffic to diagnose and monitor Azure virtual machines (VMs). For more information, see What is Azure Network Watcher?
In this article, you learn how to install and uninstall Network Watcher Agent for Windows. Installation of the agent doesn't disrupt, or require a reboot of the virtual machine. If the virtual machine is deployed by an Azure service, check the documentation of the service to determine whether or not it permits installing extensions in the virtual machine.
Outbound TCP connectivity to 169.254.169.254 over port 80 and 168.63.129.16 over port 8037. The agent uses these IP addresses to communicate with the Azure platform.
Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see Packet capture overview.
Outbound TCP connectivity to 169.254.169.254 over port 80 and 168.63.129.16 over port 8037. The agent uses these IP addresses to communicate with the Azure platform.
Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see Packet capture overview.
Azure Cloud Shell or Azure PowerShell.
The steps in this article run the Azure PowerShell cmdlets interactively in Azure Cloud Shell. To run the commands in the Cloud Shell, select Open Cloud Shell at the upper-right corner of a code block. Select Copy to copy the code and then paste it into Cloud Shell to run it. You can also run the Cloud Shell from within the Azure portal.
Outbound TCP connectivity to 169.254.169.254 over port 80 and 168.63.129.16 over port 8037. The agent uses these IP addresses to communicate with the Azure platform.
Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see Packet capture overview.
Azure Cloud Shell or Azure CLI.
The steps in this article run the Azure CLI commands interactively in Azure Cloud Shell. To run the commands in the Cloud Shell, select Open Cloud Shell at the upper-right corner of a code block. Select Copy to copy the code, and paste it into Cloud Shell to run it. You can also run the Cloud Shell from within the Azure portal.
You can also install Azure CLI locally to run the commands. If you run Azure CLI locally, sign in to Azure using the az login command.
Outbound TCP connectivity to 169.254.169.254 over port 80 and 168.63.129.16 over port 8037. The agent uses these IP addresses to communicate with the Azure platform.
Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see Packet capture overview.
Azure PowerShell or Azure CLI installed locally to deploy the template.
Network Watcher Agent extension for Windows can be installed on:
Windows Server 2012, 2012 R2, 2016, 2019 and 2022 releases.
Windows 10 and 11 releases.
Note
Currently, Nano Server isn't supported.
Extension schema
The following JSON shows the schema for the Network Watcher Agent extension. The extension doesn't require, or support, any user-supplied settings, and relies on its default configuration.
From the virtual machine page in the Azure portal, you can view the installed extension by following these steps:
Under Settings, select Extensions + applications.
In the Extensions tab, you can see all installed extensions on the virtual machine. If the list is long, you can use the search box to filter the list.
Use Get-AzVMExtension cmdlet to list all installed extensions on the virtual machine:
# List the installed extensions on the virtual machine.
Get-AzVMExtension -ResourceGroupName 'myResourceGroup' -VMName 'myVM' | format-table Name, Publisher, ExtensionType, AutoUpgradeMinorVersion, EnableAutomaticUpgrade
The output of the cmdlet lists the installed extensions:
From the virtual machine page in the Azure portal, you can install the Network Watcher Agent VM extension by following these steps:
Under Settings, select Extensions + applications.
Select + Add and search for Network Watcher Agent and install it. If the extension is already installed, you can see it in the list of extensions.
In the search box of Install an Extension, enter Network Watcher Agent for Windows. Select the extension from the list and select Next.
Select Review + create and then select Create.
Use Set-AzVMExtension cmdlet to install Network Watcher Agent VM extension on the virtual machine:
# Install Network Watcher Agent for Windows on the virtual machine.
Set-AzVMExtension -Name 'AzureNetworkWatcherExtension' -Publisher 'Microsoft.Azure.NetworkWatcher' -ExtensionType 'NetworkWatcherAgentWindows' -EnableAutomaticUpgrade 1 -TypeHandlerVersion '1.4' -ResourceGroupName 'myResourceGroup' -VMName 'myVM'
Once the installation is successfully completed, you see the following output:
RequestId IsSuccessStatusCode StatusCode ReasonPhrase
--------- ------------------- ---------- ------------
True OK
Use az vm extension set command to install Network Watcher Agent VM extension on the virtual machine:
# Install Network Watcher Agent for Windows on the virtual machine.
az vm extension set --name 'NetworkWatcherAgentWindows' --extension-instance-name 'AzureNetworkWatcherExtension' --publisher 'Microsoft.Azure.NetworkWatcher' --enable-auto-upgrade 'true' --version '1.4' --resource-group 'myResourceGroup' --vm-name 'myVM'
Use the following Azure Resource Manager template (ARM template) to install Network Watcher Agent VM extension on a Windows virtual machine: