As you may know, Azure provides a quite powerful monitoring solution for your Azure environment as well your on-premises one called Azure Log Analytics.
This Log Analytics capability is also used by Azure Security Center to centralize security-related logs.
The use of Azure Log Analytics requires to have a local agent (Log Analytics Agent, also known as MMA [Microsoft Monitoring Agent]) to be deployed on your virtual machines. Depending of your provisioning process – either on-premises or on Azure – this agent may be forgotten in the deployment steps.
While there are multiple options to deploy it (ARM template on Azure, SCCM, manual or scripting), you can now also apply an Azure policy to ensure the Monitoring Agent is being deployed; which applies on both virtual machine and VMSS (Virtual Machine Scale Sets).
To enable and configure the policy connect to your Azure portal (https://portal.azure.com) and select Policy.
Then reach the Definitions configuration and search for deploy log.
Then edit the policy you want to deploy and Assign it to be able to define the Log Analytics workspace to use; you need to have first define the Scope of course.
NOTE you can also use a similar policy to deploy the Dependency Agent also known as Service Map by searching deploy dependency.