Blog Post

Core Infrastructure and Security Blog
11 MIN READ

Forward On-Premises Windows Security Event Logs to Microsoft Sentinel

paulberg's avatar
paulberg
Icon for Microsoft rankMicrosoft
Dec 16, 2021
  Hello, It has been a while since Raven, and I have blogged on security. My little buddy Raven (miniature Schnauzer) has been dealing with genetic back problems that have made it difficult to ru...
Updated Jan 04, 2022
Version 6.0
PaulBergson
Ciyaresh's avatar
Ciyaresh
Brass Contributor
Feb 22, 2024

djoslin 

 

How did you create the private link scope? Did you read about the DNS requirements? Your on-premise servers/domain controller needs to be able to resolve the Azure DNS servers. See below from the article https://learn.microsoft.com/en-us/azure/azure-arc/servers/private-link-security#restrictions-and-limitations

 

  • All on-premises machines need to use the same private endpoint by resolving the correct private endpoint information (FQDN record name and private IP address) using the same DNS forwarder. For more information, see https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns

There are many bits to the private link scope, including the private endpoint configuration / networking. Also when you do create an Arc resource and deploy AMA agent, you need to make sure that AMA is using the private link scope (it does not by default). Also warning about AMA agent if you are using a proxy in your on-premise environment and applied proxy setting to Arc, AMA does not copy this, so you need to manually add the proxy settings to AMA. Unless they have changed this recently.