Category Archives: Log Analytics

Azure management services and System Center: What's New in April 2019

Microsoft announces constantly news about Azure management services and System Center. Our community releases on a monthly basis this summary that provides a general overview of the main new features of the current month, in order to stay up to date on these news and have the necessary references to conduct further study.

Azure Log Analytics

Agent

This month the new version ofLog Analytics agent for Linux systems fixes important bugs and improves stability. To obtain the updated version of the Log Analytics agent you can access to the official GitHub page.

Figure 1 – News of the new release of Log Analytics agent

Availability in new regions

The availability of Azure Log Analytics has been extended into three new regions: France Central, Korea Central, and North Europe. Furthermore, it can be activated in preview in the following regions: Central US, East US 2, East Asia, West US and South Central US.

Azure Automation

New features in Azure Update Management

Azure Management Update added the option to have as a target of patch deployment groups of virtual machines, generated by queries that rely on native Azure concepts (such as resource group, location, and tags). The virtual machines can be added dynamically to existing patch deployment based on defined criteria.

System Center Configuration Manager

End of support for SCCM 2007 and FEP 2010

Please note that the support for System Center Configuration Manager 2007 and Forefront Endpoint Protection (FEP) 2010 end on 9 July 2019. After this date will be discontinued by Microsoft: updates (security and non), assisted support and for FEP Microsoft will no longer releases antivirus signatures and engine updates. For those who are using these products it is time to consider switching to the latest version of SCCM.

New releases for the Technical Preview Branch

Released version 1903

For Configuration Manager was released the update 1903 and among other changes was the ability to use a new tool for cost estimates for the deployment of cloud management gateway.

Figure 2 – SCCM Clooud Cost Estimator

For full details of what's new in this release you can consult this document.

Released version 1904

For Configuration Manager was also released the update 1904 which includes new dashboards to identify the devices ready to be upgraded to Office 365 ProPlus.

To verify the details about what's new in this update you can see this document.

Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

System Center Operations Manager

Support for Windows Server 2012 and for SCOM 2019

After the release of SCOM 2019, Microsoft has decided to change the support statement to allow even the monitor of systems Windows Server 2012. To see the full list of System requirements for System Center Operations Manager 2019 you can consult this document.

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try the various System Center components you must access theEvaluation Center and, after registering, you can start the trial period.

Security in the cloud with Azure Sentinel solution

Microsoft recently announced a new cloud solution called Azure Sentinel. It is a service that aims to expand the capabilities and potential of the products SIEM (Security Information and Event Management) traditional, going to use the power of the cloud and artificial intelligence to be able to quickly identify and manage security threats affecting your infrastructure. This article lists the main features of the solution.

Azure Sentinel is a solution that allows real-time analysis of security events and information generated within their own hybrid infrastructure, from server, applications, devices and users. It is a cloud-based service, it follows that one can easily scale and have high-speed processing of information, without the need to implement and manage a dedicated infrastructure, to intercept potential security threats.

Azure Sentinel service can be activated directly from the Azure Portal:

Figure 1 - Creation of service Azure Sentinel

Operating principles of Azure Sentinel

Collect data within the infrastructure

Azure Sentinel leans to Azure Monitor that, using the proven and scalable repository of Log Analytics, is able to accommodate a high volume of data, which it is possible to process them effectively thanks to an engine that ensures high performance.

Figure 2 - Adding Azure Sentinel to an existing Log Analytics workspace

With Azure Sentinel you can aggregate different security data from many sources, using the appropriate connectors embedded in the solution. Azure Sentinel is able to connect, in addition to the different platform solutions, even the most widespread and popular network solutions of third-party vendors, including Palo Alto Networks, F5, Symantec, Fortinet and Check Point. Azure Sentinel also has a native integration with logs that meet the standard formats, as common event and syslog.

Figure 3 -Data Connectors

Using this solution, you also have the ability to easily import data from Microsoft Office 365 and combine them with other security data, in order to get a detailed analysis of your environment and have visibility into the entire sequence of an attack.

Figure 4 – Office 365 Connector

Azure Sentinel also integrates with’Microsoft Graph Security API, which allows you to import your own threat intelligence feeds and customize detection rules of potential security incidents and notification.

Analyze and quickly identify the threats by using artificial intelligence

Azure Sentinel uses scalable machine learning algorithms, able to correlate a high amount of security data, to present to the analyst only potential security incidents, all with a high level of reliability. Thanks to this mechanism Azure Sentinel differs from other SIEM solutions, adopting traditional correlation engines, drastically reducing noise and consequently the effort for the analysis required in detecting threats.

Figure 5 – Azure Sentinel Overview

After enabling the Data Collectors required, you will begin to receive data in the workspace of Log Analytics and setting up ofAlert Rules, it can generateCases to report potential security threats. For more details on how to detect threats with Azure Sentinel, see the Microsoft's official documentation.

Investigate suspicious security activities

The data processed by the solution can be found using the dashboards, customizable to suit your needs. Dashboards allow you to conduct investigations by reducing the time needed to understand the scope of an attack and its impact.

Figure 6 – Dashboards available in Azure Sentinel

Figure 7 – Azure Network Watcher dashboard

If security threats are detected, against the Alert Rules set, it is generated a Case, for which you can set the severity, the status and its assignment.

Figure 8 – Cases

Using the console, you can proceed with the investigation of the case:

Figure 9 – Case Investigation

In the same dashboard you can also perform actions. Proactive research activities of suspicious transactions are a fundamental aspect for security analysts, that with Azure Sentinel can be made through two specific features that allow you to automate the analysis: search query (hunting queries) and Azure Notebooks (based on notebook Jupyter), that are constantly updated.

Figure 10 – Hunting queries

Figure 11 -Example of an Azure Notebook

Automate common tasks and response to threats

Azure Sentinel provides the ability to automate and orchestrate the response to common problems, so you don't have to manually perform repetitive tasks. By means of predefined and customizable playbooks you can quickly respond to security threats.

Figure 12 – Alert playbooks

Figure 13 – Logic Apps Designer

Microsoft also announced that more defense and investigation tools will be integrated in the solution increased.

Conclusions

Azure Sentinel is a complete solution that provides native SIEM in the cloud and introduces significant benefits over traditional SIEM solutions, which require to sustain high costs for the maintenance of the infrastructure and for data processing. Azure Sentinel enables customers to simplify the tasks required to maintain high security in the infrastructure and to scale gradually to suit your needs, providing a wide integration with third party solutions.

Azure management services and System Center: What's New in March 2019

In March there have been several news announced by Microsoft on the Azure management services and System Center. In this summary, that we report on a monthly basis, there are listed all the main news, accompanied by the necessary references to be able to conduct further studies.

Azure Monitor

Availability in Central Canada and UK South

The new service that allows you to monitor the virtual machines, called Azure Monitor for VMsis also available in Central Canada and UK South.

Azure Log Analytics

Availability in new regions

Azure Log Analytics is now available in the regions of Azure China, Australia East and Central Australia. It is also available in Public Preview in the following regions: France Central, Korea Central and North Europe.

Azure Site Recovery

Support for storage accounts protected with firewall rules

In Azure Site Recovery was introduced support for storage accounts that are configured with firewall rules for the Virtual Networks, in replication scenarios from VMware or physical systems to Azure.

Support for managed disks in replication scenarios with VMWare and physical systems

Azure Site Recovery now supports disaster recovery of VMware virtual machines and physical systems, replicating directly towards the managed disks. This avoids creating and managing different storage accounts target for the replica of these systems. The on-premises data are sended to a cache storage account in the target region and written in managed disk by Site Recovery.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 35 which it addresses several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB 4494485.

Azure Backup

In Azure Backup was officially released the functionality to back up the SQL Server installed in Azure IaaS virtual machines.

Figure 1 – Azure Backup Features for SQL Server in Azure VMs

Among the benefits of this solution there are:

  • Recovery Point Objective (RPO) of 15 minutes
  • Point-in-time restores: to make easy and rapid the recovery operations of the DBs.
  • Long-term retention: ability to keep backups for years.
  • Protection of encrypted databases: chance to make the backup of encrypted SQL databases and safely keep via an encryption at rest integrated into the solution. All backup and restore operations are managed by role-based access control mechanism.
  • Auto-protection: is handled automatically the detection and the protection of new databases.
  • Management and monitoring: allows to carry out a centralized management and monitoring the protection status of the systems.
  • Cost savings: are not required infrastructure costs and allows to easily scale to meet your needs.

System Center

Released System Center 2019

The main novelty regarding System Center is the release in general availability of the major release of System Center 2019. This is the release belonging to the long term servicing channel (LTSC) that will be supported for 10 years and that introduces full support for Windows Server 2019.

Starting from this release, Microsoft has decided to change the System Center product release policies. There will be no more releases in the Semi-Annual Channel (SAC) and new features, before the next release Long-Term Servicing Channel (LTSC), can be obtained via Update Rollup.

System Center 2019 supports upgrade from the two recent Semi-Annual Channel releases (SAC), System Center 1801 and System Center 1807 as well as System Center 2016.

Customers who have a valid license of System Center 2019 can download it from the Volume Licensing Service Center (VLSC).

Among the main features of System Center 2019 we find:

Virtual Machine Manager

  • Integration in VMM with Azure Update Management simplifies patching of virtual machines
  • Dynamic Storage Optimization in VMM enables higher availability of workloads
  • VMM now provides health and operational status of storage disks in Hyper Converged as well as disaggregated deployment
  • New RBAC role in VMM ensures that IT admins can be provided access commensurate with their role and no more
  • Support for latest versions of VMware in VMM (to enable migration to Hyper-V)

Operations Manager

  • SCOM supports integration with Azure services – Dependency Map (Service Map) provides comprehensive visibility of dependencies across servers along with health.
  • Azure Management Pack integrates alerts and performance metrics for Azure resources in SCOM
  • Along with modernized and extensible SCOM web console, subscriptions and notifications are now modernized with support for HTML based email
  • Maintenance schedules in SCOM with SQL server AlwaysOn
  • Update and recommendations for Linux workloads enables discovery of up-to-date MPs for Linux environments
  • Linux monitoring is now resilient to SCOM management server failover
  • All Windows Server Management Packs now support Windows Server 2019

Data Protection Manager

  • Faster backups with DPM with a 75% increase in speed and a monitoring experience for key backup parameters via Log Analytics.
  • DPM further supports backup of VMWare VMs including to tape

More news

  • Orchestrator supports PowerShellv4 +
  • Service Manager has an enhanced AD connector
  • Support for service logon across the System Center suite aligning with security best practices

More information about it can be consulted in the article System Center 2019 is now in general availability.

System Center Configuration Manager

Released version 1902 for the Current Branch

There are many new features in this release designed to enrich and improve different features of the solution. To get the complete list of new features introduced with this build, you can consult this official document. The transition to version 1902 can be done by following the installation checklist, at the end of which it is appropriate to continue with the Checklist post-update.

System Center Operations Manager

Management Packs

Following, are reported the news about the SCOM Management Packs:

  • System Center Management Pack for Message Queuing version 7.1.10242.0
  • System Center Management Pack for Microsoft Azure Stack version 1.0.3.11
  • System Center Management Pack for SharePoint Server 2019 version 16.0.11426.3000

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try the various System Center components you must access theEvaluation Center and, after registering, you can start the trial period.

Azure management services and System Center: What's New in February 2019

The month of February was full of news and there are different updates that affected the Azure management services and System Center. This article summarizes to have a comprehensive overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

Azure Monitor

Multi-resource support for metric alerts

With this new feature, you can configure a single metric alert rule to monitor:

  • A list of virtual machines in an Azure region.
  • All virtual machines in one or more resource groups in an Azure region.
  • All virtual machines of a subscription, present in a given Azure region.

Azure Automation

The runbook Update Azure Modules is open source

Azure Automation allows you to update the Azure PowerShell modules imported into an automation account with the latest versions available in the PowerShell Gallery. This possibility is provided through the actionUpdate Azure Moduleson the page Modules of the Automation Account, and is implemented through a hidden runbook. In order to improve diagnostics and troubleshooting activity and provide the ability to customize the module, this has been made open source.

Support for the Azure PowerShell module Az

Azure Automation introduces support for the PowerShell module Az, thanks to which you can use the updated Azure modules within runbooks, to manage the various Azure services.

Azure Log Analytics

New version of the agent for Linux

This month the new OMS Agent version for Linux systems solves a specific bug during installation. To obtain the updated OMS agent version you can access at the official GitHub page.

Availability in new region of Azure

It is possible to activate a Log Analytics workspace also in the Azure regions of West US 2, Australia East and Central Australia. In this way the data is kept and processed in this regions.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 33 introducing new versions of the following components:

  • Microsoft Azure Site Recovery Unified Setup (version 9.22.5109.1): used for replication scenarios from VMware to Azure.
  • Microsoft Azure Site Recovery Provider (version 5.1.3900.0): used for replication scenarios from Hyper-V to Azure or to a secondary site.
  • Microsoft Azure Recovery Services Agent (version 2.0.9155.0): used for replication scenarios from Hyper-V to Azure.

The installation of this update rollup is possible on all systems running Microsoft Azure Site Recovery Service providers, by including:

  • Microsoft Azure Site Recovery Provider for System Center Virtual Machine Manager (3.3.x. x).
  • Microsoft Azure Site Recovery Hyper-V Provider (4.6.x. x).
  • Microsoft Azure Site Recovery Provider (5.1.3500.0) and later.

The Update Rollup 33 for Microsoft Azure Site Recovery Unified Setup applies to all systems that have installed the version 9.17.4860.1 or later.

For more information on the issues resolved, on improvements from this Update Rollup and to get the procedure for its installation is possible to consult thespecific KB 4489582.

Protection of Storage Space Direct cluster

In Azure Site Recovery (ASR) is introduced, with the Update Rollup 33, also the support for the protection of Storage Space Direct cluster, used to realize Guest Cluster in Azure environment.

Azure Backup

In Azure Backup has been released the feature of Instant Restorefor the virtual machines in Azure, that allows using the stored snapshots for the VMs recovery. Also it is given the option to configure the time of retention for the snapshots in the backup policy (from one to five days, the default is two days). This increases control over the protection of the resources, adapting it to specific requirements and depending on the criticality of the same.

Figure 1 – Retention period of the snapshot

System Center Configuration Manager

Released versions 1902 and 1902.2 for the Technical Preview Branch

Among the main new features of this release is included the ability to manage more effectively the restart notifications on systems managed by Configuration Manager.

For full details of what's new in this release you can consult this document. Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

System Center Operations Manager

Management Packs

Following, are reported the news about the SCOM Management Packs:

  • Microsoft System Center 2016 Management Pack for Microsoft Azure version 1.6.0.7
  • Microsoft System Center Management Pack for SQL Server 2017+ Reporting Services version 7.0.12.0
  • Log Analytics Management Pack forSCOM 1801 version7.3.13288.0 and SCOM 2016 version7.2.12074.0
  • System Center Management Pack for Windows DNS Server version 10.0.9.3

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try the various System Center components you must access theEvaluation Center and, after registering, you can start the trial period.

Windows Server 2019: introduction to System Insights

In Windows Server 2019 has been included a new feature called System Insights which it introduces natively in the operating system predictive capabilities. Thanks to an accurate analysis that occurs locally to the system, based on a machine learning model, is able to provide, with a high level of reliability, forecasts of problematic conditions that may occur in the Windows Server environment. This article shows how to enable this feature and the main features of the solution.

Install System Insights

System Insights in Windows Server 2019, does not require specific installation requirements, and can be activated on physical or virtual systems, so the Hypervisor or cloud platform on which reside agnostic. Installation is simple and can be done using one of the following ways:

  • Through Windows Admin Center.

Figure 1 – Enabling System Insights through Windows Admin Center

  • With PowerShell, using the command “Add-WindowsFeature System-Insights-IncludeManagementTools”
  • Adding the feature System-Insights by using Server Manager.

Using System Insights

After installation, you can proceed by configuring the desired settings for forecasts of the CPU capacity, the use of networking and storage consumption.

Figure 2 – Weather forecast available

System Insights is able to provide the results of the analyses carried out and their predictions after some hours of activation.

The possible states that can be assumed by all forecast are as follows:

Figure 3 – Possible States

For each estimate available you can select the scheduling of when it performed:

Figure 4 – Prediction scheduling

In addition, you can configure scripts that are executed when returning a specific status code, useful to take corrective actions automatically.

Figure 5 – Actions to be taken against certain States

Each type of capacity can also be invoked manually in a forced manner via the button Invoke.

By selecting the different available forecasts, you can view the detailed information.

Figure 6 – CPU usage example

Figure 7 - Sample of Critical status for the consumption of space on the volume E:

Figure 8 – Details that bring the prediction on the exhaustion of space in the next 7 days

System Insights is able to provide this predictive information based on machine-learning models, analyzing different elements such as performance counters and events. All data are collected and analyzed locally to the machine, without iterations with elements in the cloud and with a non-significant resource consumption. Using PowerShell, you have the ability to aggregate the results of System Insights from multiple virtual machines. In that regard, it shows a sample script to aggregate the results of multiple systems.

Figure 9 – Sample PowerShell script for aggregating data from System Insights

This approach can be useful for a small number of systems, but if you want to have an overview of this information for more complex environments, you can bring together the information of System Insights in a workspace of Azure Log Analytics. To do this, simply set up your Log Analytics workspace to also collect events generated by System Insight (Microsoft-Windows-System-Insights/Admin):

Figure 10 – Configuration of the workspace of Log Analytics

In this way you can easily generate the Rule to be notified based on specific queries.

Figure 11 – System Insights event ID

Figure 12 -Example of a query that is used in a Rule

Conclusions

For system administrators, the instrument System Insight is useful and easy to use, enabling you to predict several problematic conditions that may occur on your Windows Server, all in a fully integrated manner in the operating system. With this feature you can achieve greater continuity of service and a reduction of the time required to clear error conditions.

OMS and System Center: What's New in December 2018

In December have been announced, by Microsoft, a significant number of news regarding Azure management services and System Center. Our community releases this monthly summary that gives you a comprehensive overview of the main news of the month, in order to stay up to date on these news and have the necessary references to conduct further study.

Azure Monitor

The service Azure Monitor for containers is now available to monitor the health and performance of Kubernetes cluster hosted on Azure Kubernetes Service (AKS). Azure Monitor for containers gives you complete visibility on the performance, collecting metrics on memory and processor of controllers, of the nodes and containers. Also collects the logs of containers. After you enable the monitor for Kubernetes clusters, metrics and logs are automatically collected by a Log Analytics agent version for containers for Linux and stored in a workspace of Log Analytics.

Over the past few months solutions of monitoring, management and security, available from the Operations Management Suite (OMS), have been incorporated into the Azure Portal. Starting from 15 January 2019 the OMS portal will be permanently withdrawn and you will need to use the Azure portal. Before this date you should complete the following steps:

For more details you can refer to this Microsoft's document.

Azure Log Analytics, now part of Azure Monitor, is now available in the Azure region of West US 2.

In January by selecting views and Log Analytics solutions, you will use the new Azure Monitor Logs UX, that provides a query editor more functional and improvements in views.

Azure Site Recovery

For Azure Site Recovery was released theUpdate Rollup 31 introducing new versions of the following components:

  • Microsoft Azure Site Recovery Unified Setup (version: 9.20.5051.1): used for replication scenarios from VMware to Azure.
  • Microsoft Azure Site Recovery Provider (version 5.1.3700.0): used for replication scenarios from Hyper-V to Azure or to a secondary site.
  • Microsoft Azure Recovery Services Agent (version 2.0.9144.0): used for replication scenarios from Hyper-V to Azure.

The installation of this update rollup is possible on all systems running Microsoft Azure Site Recovery Service providers, by including:

  • Microsoft Azure Site Recovery Provider for System Center Virtual Machine Manager (3.3.x. x).
  • Microsoft Azure Site Recovery Hyper-V Provider (4.6.x. x).
  • Microsoft Azure Site Recovery Provider (5.1.3300.0) and later.

The Update Rollup 31 for Microsoft Azure Site Recovery Unified Setup applies to all systems that have installed the version 9.16.4860.1 or later.

For more information on the issues resolved, on improvements from this Update Rollup and to get the procedure for its installation is possible to consult the specific KB 4478871.

In Azure Site Recovery is also introduced the ability to update the Mobility Agent installed aboard Azure virtual machines, in the replication scenario of VMs in Azure. Whereas Azure Site Recovery releases an update that introduces new features and enhancements every month, the ability to maintain automatically updated infrastructure is especially convenient. These updates do not require restarting the virtual machines and have no impact on the systems replication. By enabling automatic update, the process takes place via a runbook, within an automation account, created in the same subscription of the vault. By dafult the runbook runs at 12:00 AM, but the schedule can be changed at will.

Figure 1 - Enablng automatic update in the activation phase

Figure 2 – Enabling automatic update in the Revovery Service vault

Another important feature introduced in Azure Site Recovery is the ability to replicate and fail over to other regions of virtual machines that belong to Availability Zones. Such functionality has been made available for all Azure regions that support Availability Zones.

Azure Backup

In Azure backup was simplifies the procedure to perform the restore of virtual machines, introducing the feature In-Place restore of disks, which allows to restore the disks of a virtual machine, without the need to create a new system. To do this simply select the following option at restore time:

Figure 3 – In-Place restore from the Azure Portal

Currently this feature is supported only for VMs managed unencrypted. There isn't currently support for generalized VMs and for VMs created using custom images, but this feature is definitely going to increase functionality.

In Azure Backup there is the possibility to activate the protection of SQL Server installed on a virtual machine Azure. In this area of functionality has been added Auto-protection and, if activated, lets make the discovery and protection of all the databases that will be added on that instance of SQL Server, standalone or in an Always On availability group.

Figure 4 – Auto-protect SQL databases with Azure Backup

System Center

System Center Virtual machine Manager

The installation of the following updates 'KB4467684', 'KB4478877', 'KB4471321' or 'KB4483229' on a host Windows Server 2016 managed by SCVMM, may mean that SCVMM is no longer able to enumerate or manage Logical Switch configured on the host. The problem is the fact that the above updates remove the registration of WMI classes used by SCVMM agent to enumerate and manage Logical Switch on the host. The solution is to record the classes in the WMI repository, as reported by this article.

System Center Configuration Manager

Released the version 1811 for the branch Technical Preview of System Center Configuration Manager.

Through the major new features in this release are the ability to insert code PowerShell as a Task Sequence step, thus eliminating the need to create and distribute the package to run PowerShell commands.

Figure 5 – PoerShell code injection in a Task Sequence

In this release are covered further innovations that can be found in this document.

Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

For the branch Technical Preview System Center Configuration Manager has been released version 1812. All that's new in this release can be found in this Microsoft's document. Please note that the Technical Preview releases Branch help you evaluate the new features of SCCM, so that you can investigate and provide feedback to the product team. These updates is recommended only apply them in test environments.

System Center Operations Manager

Following, are reported the news about the SCOM Management Packs:

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try the various System Center components you must access theEvaluation Center and, after registering, you can start the trial period.

Azure Monitor: introduction to monitor service for virtual machines

In Azure Monitor was introduced a new service that allows you to monitor virtual machines, called Azure Monitor for VMs. This service analyzes the performance data and the status of virtual machines, makes the monitor of the installed processes and examines its dependencies. This article shows the characteristics of the solution and describes the procedure to be followed to effect the activation.

Features of the solution

The service Azure Monitor for VMs is divided into three different perspectives:

  • Health: the logical components present on board of the virtual machines are evaluated according to specific pre-configured criteria, generating alerts when certain conditions are met. This feature, at the moment, is present only for systems that reside in Azure.
  • Performance: shows summary details of performance, from the guest operating system.
  • Map: generates a map with the interconnections between the various components that reside on different systems.

This solution can be used on Windows and Linux virtual machines, regardless of the environment in which they reside (Azure, on-premises or at other cloud providers).

Azure Monitor for VMs requires the presence of a workspace of Log Analytics. Since this is a feature currently in preview, workspace are supported in these regions: West Central US, East US, West Europe and Southeast Asia. Enabling a Log Analytics workspace can occur according to these modes:

To identify the operating systems that are supported by this solution, please visit the Official Microsoft documentation.

 

How to enable Azure Monitor for VMs

To enable the solution for a single virtual machine, from the Azure Portal, it is possible to proceed by accessing the section Insights from the virtual machine:

Figure 1 – Enabling Azure Monitor for VMs on a single VM

Enabling the solution on a single virtual machine it is possible to choose which Log Analytics workspace use and possibly create a new one. The advice is to precede before with the creation of workspace, so you can assign a meaningful name. The workspace of Log Analytics must be configured as follows:

  • You must have installed the solutions ServiceMap and InfrastructureInsights. The installation of this solutions can be done via JSON templates, according to the instructions in this document.

Figure 2 – Presence of solutions ServiceMap and InfrastructureInsights

Figure 3 – Collecting the performance counters enabled on Log Analytics workspace

Azure Monitor for VMs requires Log Analytics agent on virtual machines, also the functionality of Map requires the installation of the Microsoft Dependency agent. This is an additional agent which relies on Log Analytics agent for the connection to the workspace.

If you want to enable the solution for systems in Azure, you can activate the Dependency agent using the appropriate extension, that do the installation. For virtual machines that reside on Azure you must install it manually or via a solution that automates the deployment (such as System Center Configuration Manager).

To enable this feature automatically on new virtual machines created in Azure environment and achieve a high level of compliance you can also use the Azure Policy. Through the Azure Policy you can:

  • Deploy the Log Analytics and Dependency agent.
  • Having a report on the status of compliance
  • Start remediation actions for non-compliant VMs.

Figure 4 – Adding an Assignment

Figure 5 - Initiative definition to enable Azure Monitor for VMs

Figure 6 - Check of the state of compliance of the Policy

 

Consulting data collected from the solution

To analyze and identify critical operating system events, detect suboptimal performance and network issues, you can refer to the data provided by this solution directly from VM or using Azure Monitor, in case you want to have an aggregated view of the various virtual machines. All this allows you to detect and identify if problems are related to specific dependencies on other services.

Figure 7 – State of Health of a single virtual machine

Figure 8 – Performance gathered from multiple VMs, accessible by Azure Monitor

Figure 9 – Dependencies Map of various services present on VMs, accessible by Azure Monitor

For more information about using the features of Health you can consult this Microsoft documentation, while the article View Azure Monitor for VMs Map shows how to identify and analyze the dependencies detected from the solution.

Costs of the solution

By activating the solution Azure Monitor for VMs, the data collected by the virtual machines are sent and maintained in Azure Monitor and can depend on several factors, such as the number of logical disks and network adapters. The costs are those related to Azure Monitor, which has costs on the basis of the following elements:

  • Data ingested and collected.
  • Number of health monitored criteria.
  • Alert rule created.
  • Notifications sent.

 

Conclusions

The service Azure Monitor for VMs allowing you to have a fully integrated tool in Azure to monitor the virtual machines and to obtain a complete control of systems, regardless of where they reside. This solution is also particularly useful to conduct troubleshooting operations in a simple and immediate way. This service, although it is currently in preview, is already full enough and it will be enriched soon with new features.

OMS and System Center: What's New in November 2018

Microsoft announces constantly news about Operations Management Suite (OMS) and System Center. Our community releases this monthly summary that gives you a comprehensive overview of the main news of the month, to stay up to date on these topics and have the necessary references to conduct further investigation.

Operations Management Suite (OMS)

Azure Monitor

SQL Data Warehouse now allows you to send diagnostic information to a workspace of Log Analytics. This setting allows developers to better analyze the behavior of their application workloads to optimize queries, to better manage the use of resources and undertake troubleshooting operations.

Figure 1 – SQL Data Warehouse Diagnostics settings

Log Analytics

Starting from 1 February 2019 changes are foreseen regarding service-level agreements (SLAs) for Log Analytics and Application Insights (which are now part of Azure Monitor). The new SLAs refer to the availability of the query (Query Availability SLA) that for a given resource will be of 99.9 %. Previously, SLAs were referring to data latency (Data latency SLA).

Agent

This month the new version ofOMS agent for Linux systems fixes important bugs and improves stability. To obtain the updated version of the OMS agent you can access to the official GitHub page OMS Agent for Linux Patch v 1.8.1-256.

Figure 2 – Bug fixes and what's new for the OMS agent for Linux

Azure Backup

For Microsoft Azure Backup Server has been released version 3 (MABS V3), which includes important bug fixes, introduces support for Windows Server 2019 and SQL Server 2017, and introduces new features and improvements including:

  • Support for the protection of VMware virtual machines for production environments.
  • Use TLS 1.2 for communications between MABS and protected servers, for certificate-based authentication, and for cloud backups.

The MABS V3 code is based on the System Center Data Protection Manager 1807. To get more information about it, please consult the Knowledge Base Microsoft Azure Backup Server v3.

Azure Site Recovery

In Azure Site Recovery was introduced support for the firewall-enabled storage accounts. Thanks to this support you can replicate to another region, for disaster recovery purposes, virtual machines with unmanaged disks, residing on firewall-enabled storage accounts. The firewall-enabled storage account can also be selected as a storage target for unmanaged disks. You can also restrict access to the cache storage account, so that you can write only by the virtual network that host virtual machines. In these cases it is necessary to enable the exception as described in Microsoft documentation Allow trusted Microsoft services.

 

System Center

System Center Configuration Manager

For the Current Branch (CB) of System Center Configuration Manager has been releasedupdate 1810, that introduces new features and major improvements in the product.

The main novelty of this update reveals the possibility for Central Administration sites and child primary sites to have an additional site server in passive mode, on-prem or on Azure.

Figure 3 – Site server High Availability Architecture

For a complete list of new features introduced in this version of Configuration Manager you can consult the official documentation.

System Center Operations Manager

Following, are reported the news about the SCOM Management Packs:

  • Windows Server Cluster 2016 and 1709 Plus version 10.6.6
  • Windows Print Server 2016 and 1709 more version 10.6.1
  • Windows Server Network Load Balancing 2016 and 1709 plus versione 10.2.1
  • Internet Information Service 2016 and 1709 Plus version 10.9.1
  • Windows Server DNS versione 10.9.2
  • Windows Server DHCP 2016 and 1709 Plus version 10.11.0
  • Active Directory Federation Services version 10.3.0
  • Active Directory Federation Services 2012 R2 version 1.10172.1
  • Skype for Business Server 2019 version 2046.19
  • Windows Server 2012 DHCP version 6.0.7307.0
  • UNIX and Linux Operating Systems versione 7.7.1136.0
  • Microsoft Windows Server File & iSCSI Services 2012 R2 version 7.1.10100.2
  • Microsoft Windows Server File & iSCSI Services 2016 and 1709 More version 10.0.0.0

 

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try the various System Center components you must access theEvaluation Center and, after registering, you can start the trial period.

How to monitor Office 365 with Azure Log Analytics

In Azure Log Analytics is available a specific solution that consolidates within the Log Analytics workspace different information from the environment Office 365, making the consultation of the data simple and intuitive. This article will look at the characteristics of this solution and It will illustrate the steps to follow for the relative activation.

Features of the solution

The solution allows you to use Log Analytics to perform the following tasks related to Office 365:

  • Monitor the activities carried out by administrators, in order to track changes to configurations and operations that require elevated privileges.
  • Analyze the activities of account in Office 365 in order to identify behavioral trends and monitor resource utilization. For example, you can determine which files are shared outside your organization or check the most used SharePoint sites.
  • Provide support in audits and compliance. It is possible for example to control access to specific files that are considered confidential.
  • Identify any unwanted behaviors that are performed by users, based on specific organizational needs.
  • Play easier troubleshooting tasks that become necessary in your environment Office 365.

To enable this solution you must have an account with the role Global Administrator. For a single Log Analytics workspace you can connect multiple subscriptions Office 365. In case you want to merge in the Log Analytics workspace also the Audit events of Office 365 you must enable auditing on the subscription Office 365, by following the steps in this documentation.

Figure 1 – Enabling Office 365 audit

Solution activation

To enable theOffice 365 Management solution You must follow these steps. The solution collects data directly from Office 365, without the iteration of any agent of Log Analytics.

Figure 2 – Access to Workspace summary from the Azure portal and adding solution

Figure 3 - Selection of the solution of Office 365

Figure 4 – Selection of the workspace to use

The solution requires the presence of an Azure Active Directory application, configured as reported later, which is used to access data in Office 365.

Figure 5 – Adding a new App registration in Azure AD

Figure 6 – Creation of the App registration required for solution

Figure 7 – Enable Multi-tenanted

Figure 8 -Added API Access for Office 365 Management APIs

Figure 9 - Selection of permission for Office 365 Management APIs

Figure 10 – Assignment of permissions

To be able to configure the solution is required a key for the Azure Active Directory application created.

Figure 11 – Generating a key for the application

At this point, you must run the PowerShell script office365_consent.ps1 which enables administrative access. This script is available at this link.

Figure 12 - Command line example for the execution of the script office365_consent.ps1

Figure 13 - Request for administrative approval

The last step needed to complete activation is the script PowerShell office365_subscription.ps1, also available at this link, which subscribes the Azure AD application to the Log Analytics workspace.

Figure 14 - Command line example for the execution of the script office365_subscription.ps1

After the initial configuration may take several minutes to display the data from Office 365 in Log Analytics. All records created by this solution in Log Analytics have the Type in OfficeActivity. The value contained in the property OfficeWorkload determines which Office Service 365 refers: Exchange, Azure Active Directory, SharePoint, or OneDrive. In the property RecordType instead, is showed the type of operation performed.

The solution adds to the dashboard the following tile:

Figure 15 - Tile Office 365

When selected it will open the specific dashboard, which divides the various services activities collected from Office 365.

Figure 16 – Dashboard of Office 365

Of course you can also perform specific queries to suit your needs:

Figure 17 - Examples of queries to return specific records collected by the solution

 

Conclusions

The collection in Log Analytics of activities carried out in Office 365 allows granular control of the environment, in order to satisfy at best and with a single instrument to regulations concerning auditing and compliance.

OMS and System Center: What's New in October 2018

In October were announced, by Microsoft, a considerable number of news about Operations Management Suite (OMS) and System Center. Our community, through these articles that are released on a monthly basis, aims to provide a general overview of the main new features of the month, in order to stay up to date on these arguments and have the necessary references for further information.

Operations Management Suite (OMS)

Log Analytics

The documentation of the language used in Azure Log Analytics and Application Insights (Kusto) was incorporated within the standard Log Analytics documentation which can be found at this link. As announced at Ignite, Log Analytics and Application Insights are now an integral part of Azure Monitor and even the documentation was therefore adequate.

In Azure Log Analytics was introduced the possibility to receive logs from Azure Active Directory (Azure AD). This is a long overdue feature that allows you to take advantage of the potential of Log Analytics for the data contained in the logs of Azure AD. For details please visit the technical documentation.

Figure 1 – Configure sending Azure AD Log in Log Analytics

Agent

This month the new version ofOMS agent for Linux systems fixes some bugs related to the custom logs that cause occasional duplicates and improves reliability.

 

Azure Backup

Azure Backup introduces support in every region for disks Standard SSD managed.

The Azure Backup service has been extended to Central Australia region, where can now be used with the reliability and performance described in this document Azure Backup SLA.

In Azure Backup it has been improved experience during restore of Azure virtual machines , allowing you to complete the restore operation without performing any task manually. In addition, the naming convention used to restore disks has been improved to make it easy to identify the various associated disks to virtual machines.

 

Azure Site Recovery

Azure Site Recovery introduces support for virtual machines with the option of Azure Disk Encryption (ADE). This allows you to replicate this type of Windows virtual machines that are enabled forencryption through AAD app. For more details please visit the Microsoft documentation.

For Azure Site Recovery was released theUpdate Rollup 30 introducing new versions of the following components:

  • Microsoft Azure Site Recovery Unified Setup/Mobility agent (version 9.19.5007.1): used for replication scenarios from VMware to Azure.
  • Microsoft Azure Site Recovery Provider (version 5.1.3650.0): used for replication scenarios from Hyper-V to Azure or to a secondary site.
  • Microsoft Azure Recovery Services agent (version 2.0.9139.0): used for replication scenarios from Hyper-V to Azure.

The installation of this update rollup is recommended in deployments where there are the following components and versions:

  • Unified Setup/Mobility agent version 9.15.4860.1 or later.
  • Site Recovery Provider for System Center VMM: version 3.3. x. x or later.
  • Site Recovery Provider in replication scenarios without VMM: version 5.1.3200.0 or later.
  • Site Recovery Hyper-V Provider: 4.6. version x.x or higher.

For more information on the issues resolved, on improvements from this Update Rollup and to get the procedure for its installation is possible to consult the specific KB 4468181.

 

System Center

System Center 2016 LTSC (Long-Term Servicing Channel) sees the release ofUpdate Rollup 6, that solves different problems for SCVMM, SCDPM, SCOM e SCORC. To see the problems resolved for each product you can access the following pages:

System Center Configuration Manager

Released the version 1810 and the version 1810.2 for the branch Technical Preview of System Center Configuration Manager.

Among the main new features of this release there is the new Management Insights dashboard allowing you to have an instant view of the rules, bringing back those that may require corrective action.

Figure 2 – Management Insights dashboard

In this release are covered more news about:

  • Required app compliance policy for co-managed devices
  • Improvements to maintenance driver
  • Native task sequence support for Windows Autopilot for existing devices
  • Use Configuration Manager compliance policies to help assess co-managed devices
  • New boundary group options
  • Improvement to Co-management reporting
  • Boundary group relationship support of task sequences
  • Extended CMPivot
  • New client notification action to wake up device
  • Improvements to OData Endpoint Data
  • Documentation node

Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

Released a update rollup for System Center Configuration Manager current branch version 1806, that solves different problems.

 

System Center Operations Manager

Following, are reported the news about Management Packs of SCOM:

  • Management Pack for SQL Server 2017+ Reporting Services (version 0.10.0).
  • Management Pack for SQL Server 2017+ Analysis Services (version 0.10.0).
  • Management Pack for Windows Server Active Directory Domain Services (version 0.2.2).
  • Management Pack for Microsoft Azure (version 1.6.0.0).
  • Management Pack for Office 365 (version 7.2.0.0).

 

Evaluation of OMS and System Center

Please remember that in order to test and evaluate for free Operations Management Suite (OMS) you can access this page and select the mode that is most appropriate for your needs.

To try out the various components of System Center you must access theEvaluation Center and after the registration you can start the trial period.