Log
11 Topics
- Identifying the Presenter Who Removed a Guest in a Meeting Recording
  Hi, I would like to know if it is possible to identify which presenter removed a guest from a Microsoft Teams meeting by reviewing the meeting recording or any associated logs. Does the platform record such actions, and if so, where can this information be accessed? Thank you for your assistance!
  34 Views, 0 likes, 0 Comments
- No Metrics in Application Insights
  I have a web app hosted in Azure. I created function apps and an app service with Application Insights enabled on each resource. As you can see from the screenshot of my app service, there is metric data: But when I checked its Application Insights, there is no data in the metrics: I also checked traces from the logs and there is data being logged. I would like to know why data is not reflected in Application Insights. The instrumentation keys match the app settings of the function app/app service. Hope you can help me with this issue. Thanks!
  1.1K Views, 0 likes, 0 Comments
- System Updates queries, how to find counts and list machines
  Hi, I'm trying to make a bunch of queries + new dashboard, that is similar to the built-in queries in the System Update Assessment in Azure LogAnalytics. But I simply don't know how I can make the right queries. I have tried to describe the needed queries below. Does anyone have something they would share with me, or similar queries which can inspire me?

  My customer has made their own definitions/grouping:

    // CRITICAL NON-SECURITY UPDATES (monthly): Critical Updates
    // IMPORTANT SECURITY UPDATES (monthly): Security Updates, Security-only update, Update Rollups, Monthly Rollups
    // IMPORTANT FEATURE UPDATES (planned): Feature Packs, Updates, Servicing Stack Updates, Upgrades, Service Packs

    // Output: Pie Chart
    // Need Critical Updates = CriticalUpdatesCountTotal
    // Need Important Security Updates = SecurityUpdatesCountTotal
    // Need Important Feature Updates = FeatureUpdatesTotal
    // Up to date = NoPendingTotal

  -------------------------------

  Basically I want to find
  number of machines, which have CRITICAL NON-SECURITY UPDATES pending, which are more than 1 month old to exclude this month's updates
  number of machines, which have IMPORTANT SECURITY UPDATES pending which are more than 1 month old to exclude this month's updates
  number of machines, which have IMPORTANT FEATURE UPDATES pending which are more than 1 month old to exclude this month's updates
  number of machines, which have NO pending updates which are more than 1 month old to exclude this month's updates

  Hints ??

    // ----------------------------------------------------------------------------------
    // Query 1: Count of machines (dashboard)
    // ----------------------------------------------------------------------------------
    Update
    // find all Windows updates - excluding Definition Updates and Drivers
    | where OSType!="Linux" and Optional==false and Classification != "Definition Updates" and Classification != "Drivers"
    // Find newest updates entries per computer
    | summarize hint.strategy=partitioned arg_max(TimeGenerated, *) by Computer,SourceComputerId,UpdateID
    // Summarize number of machines, which have CRITICAL NON-SECURITY UPDATES pending, which are more than 1 month old to exclude this month's updates
    CriticalUpdatesCountTotal = UpdateState=~"Needed" and Approved!=false and Classification contains "Critical Updates" and PublishedDate < now(-31d)
    // Summarize number of machines, which have IMPORTANT SECURITY UPDATES pending which are more than 1 month old to exclude this month's updates
    SecurityUpdatesCountTotal = UpdateState=~"Needed" and Approved!=false and ( (Classification contains "Security Updates") or (Classification contains "Rollups") ) and PublishedDate < now(-31d)
    // Summarize number of machines, which have FEATURE UPDATES pending which are more than 1 month old to exclude this month's updates
    FeatureUpdatesTotal = UpdateState=~"Needed" and Approved!=false and ( (Classification contains "Feature Packs") or (Classification == "Updates") or (Classification == "Upgrades") or (Classification contains "Service Packs") ) and PublishedDate < now(-31d)
    // Summarize number of machines, which have NO pending updates which are more than 1 month old to exclude this month's updates
    NoPendingTotal = UpdateState=~"Needed" and Approved!=false and ( (Classification contains "Feature Packs") or (Classification == "Updates") or (Classification == "Upgrades") or (Classification contains "Service Packs") ) and PublishedDate < now(-31d)
    // Output: Pie Chart
    // Need Critical Updates = CriticalUpdatesCountTotal
    // Need Important Security Updates = SecurityUpdatesCountTotal
    // Need Important Feature Updates = FeatureUpdatesTotal
    // Up to date = NoPendingTotal
    // ----------------------------------------------------------------------------------
    // Query 2: List of machines which have CRITICAL NON-SECURITY UPDATES pending, which are more than 1 month old
    // ----------------------------------------------------------------------------------
    // Query 3: List of machines which have IMPORTANT SECURITY UPDATES pending, which are more than 1 month old
    // ----------------------------------------------------------------------------------
    // Query 4: List of machines which have FEATURE UPDATES pending, which are more than 1 month old
    // ----------------------------------------------------------------------------------
    // Query 5: List of machines which have NO pending updates, which are more than 1 month old
    // ----------------------------------------------------------------------------------
    // Microsoft Definition
    // ----------------------------------------------------------------------------------
    // Critical update - A widely released fix for a specific problem that addresses a critical, non-security-related bug.
    // Definition update - A widely released and frequent software update that contains additions to a product's definition database. Definition databases are often used to detect objects that have specific attributes, such as malicious code, phishing websites, or junk mail.
    // Driver - Software that controls the input and output of a device.
    // Feature pack - New product functionality that is first distributed outside the context of a product release and that is typically included in the next full product release.
    // Security update - A widely released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated by their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low.
    // Service pack - A tested, cumulative set of all hotfixes, security updates, critical updates, and updates. Additionally, service packs may contain additional fixes for problems that are found internally since the release of the product. Service packs may also contain a limited number of customer-requested design changes or features.
    // Tool - A utility or feature that helps complete a task or set of tasks.
    // Update - A widely released fix for a specific problem. An update addresses a noncritical, non-security-related bug.
    // Update rollup - A tested, cumulative set of hotfixes, security updates, critical updates, and updates that are packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a component of a product, such as Internet Information Services (IIS).
    // Security-only update - An update that collects all the new security updates for a given month and for a given product, addressing security-related vulnerabilities
    // Monthly Rollup - A tested, cumulative set of updates. They include both security and reliability updates that are packaged together. The Monthly Rollup is product specific, addresses both new security issues and nonsecurity issues in a single update and will proactively include updates that were released in the past. Security vulnerabilities are rated by their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low. This Monthly Rollup would be displayed under the title Security Monthly Quality Rollup when you download or install. This Monthly Rollup will be classified as an "Important" update on Windows Update and will automatically download and install if your Windows Update settings are configured to automatically download and install Important updates.
    // Servicing Stack Updates (SSU) - The "servicing stack" is the code that installs other operating system updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month.
  Solved, 19K Views, 0 likes, 6 Comments
- Any logs about the changes of the assignments of the Teams user policies?
  Is there any place where I can find log files about changes to the Teams policies and their assignments? From time to time there are assignment changes of policies to users and we'd like to find out who or which app initiates them. I don't see anything within the audit log / Azure logs. I found this thread about using CASB?! (which unfortunately is not licensed in our company).
  1.6K Views, 0 likes, 1 Comment
- Windows 11 wevtutil cannot render (system) messages
  Our application reads from the Windows Event log and formats/renders events with the "EvtFormatMessage" function (flags argument is "EvtFormatMessageXml", hPublisher is set with a handle received from EvtOpenPublisherMetadata()). We tried out our application on the new Windows 11 OS, and for some events in the Application log our application sees the following error:

    error='The system cannot find message text for message number 0x%1 in the message file for %2.\x0d\x0a'

  The events were created from the command line with the "eventcreate" program, but most event sources cause this error:

    eventcreate /T SUCCESS /L APPLICATION /ID 1 /D "eventcreate okay"

  We checked with Event Viewer and it doesn't print any error; however, the command line utility "wevtutil" cannot format any events from the Application log:

    wevtutil qe Application /f:renderedxml /rd
    Failed to render events. Error=317
    Failed to render events. Error=13

  The wevtutil command can read the events from the given log if the flag /f:text is used. Can you help us determine the root cause of the wevtutil issue? Both our application and wevtutil with the renderedxml flag work on the Windows 10 version.
  Used Windows version: Windows 11 Pro, Version: 21H2, OS build: 220000.100
  We checked wevtutil with an elevated prompt (run as administrator) as well.
  2K Views, 0 likes, 1 Comment
- How to get change logs for list items in SharePoint Online
  The user creates and updates items for the list created in SharePoint Online, but wants to record the time, user, target list item name, etc. as a log. Currently, I am creating a flow that records changes to the list in Excel with Power Automate as a trigger, but I am looking for another method because the trigger activation interval is limited and it is inconvenient. Please note that you do not have administrator privileges for Office 365. Power Automate, too, is a free license. (Is it possible to achieve this by having administrator privileges for Office 365 in the first place?)
  3K Views, 0 likes, 0 Comments
- Participant was removed from the conversation by another participant
  Hi All, we are supporting Teams in several educational environments. It often occurs that a student removes another from the meeting. On the page Dashboard\Users\username\Meeting\Session\Debug this is seen in this situation: Skype_ResultDetail=Participant was removed from the conversation by another participant. OK. But who is this "another participant"? Is there a log anywhere to find it? Another game is muting others. Is it logged anywhere who muted the other? Thanks!
  2.2K Views, 0 likes, 4 Comments
- How to investigate Teams errors or analyse the log file
  From time to time errors happen within Teams. One current example of that is that users cannot create a new planner plan and add it as a tab within Teams. There is just this error message "Failed to create the plan" but no hint where to look. Is there any place within the logs I could take a look for errors like these?
  Solved, 3.4K Views, 0 likes, 1 Comment
- Combine Log parser from, to, ip, dns name and hits, order by hits I can't make it
  Hello, I don't know if it's possible, but I need to combine in Log Parser:

    FROM  TO  IP  DNS NAME  HITS
    x     x   x   x         10000
    x     x   x   x         9999
    x (if more with the same sender and receiver)

  I tried this code:

    ./logparser.exe "SELECT EXTRACT_PREFIX(remote-endpoint,0,':') as IP,REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as Name,Count(*) as Hits from 'C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend\*.log' WHERE data LIKE '%EHLO%' GROUP BY IP ORDER BY Hits DESC" -i:CSV -nSkipLines:4 -rtp:-1 >> C:\Temp\ES-DSS-SMTPSend_MAILFLOW07032020_01.csv

  and

    ./logparser.exe "SELECT data,Count(*) as Hits from 'C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend\*.log' WHERE data LIKE '%MAIL FROM%' or data LIKE '%RCPT TO%' GROUP BY data ORDER BY Hits DESC" -i:CSV -nSkipLines:4 -rtp:-1 >> C:\temp\ES-DSS-SMTPSend_MAILFLOW07032020.csv

  I don't know how to combine them or make a Select into another select. Thanks and regards, Tomás Esteban Corey
  1.3K Views, 0 likes, 2 Comments