Log Analytics
145 Topics

Microsoft Defender for Cloud - strategy and plan towards Log Analytics Agent (MMA) deprecation
Log Analytics agent (also known as MMA) is on a deprecation path and will be retired in Aug 2024. The purpose of this blogpost is to clarify how Microsoft Defender for Cloud will align with this plan and what is the impact on customers.
100K Views, 2 likes, 28 Comments

New Blog Post | Data Connectors for Azure Log Analytics and Data Explorer Now in Public Preview
Data Connectors for Azure Log Analytics and Data Explorer Now in Public Preview - Microsoft Community Hub
The Microsoft Defender EASM (Defender EASM) team is excited to share that new Data Connectors for Azure Log Analytics and Azure Data Explorer are now available in public preview. Defender EASM continuously discovers an incredible amount of up-to-the-minute Attack Surface Data, so connecting and automating this data flow to all our customers’ mission-critical systems that keep their organizations secure is essential. The new Data Connectors for Log Analytics and Azure Data Explorer can easily augment existing workflows by automating recurring exports of all asset inventory data and the set of potential security issues flagged as insights to specified destinations to keep other tools continually updated with the latest findings from Defender EASM.
Original Post: New Blog Post | Data Connectors for Azure Log Analytics and Data Explorer Now in Public Preview - Microsoft Community Hub
47K Views, 0 likes, 0 Comments

Display multiple time charts in log analytics
I want to display multiple time line charts using queries in Log Analytics. One chart should show data from today and the other one should show data for yesterday. Is it possible? I have gone through a few articles and found that multiple time line charts are not supported at this time. Any examples or inputs will be helpful.
30K Views, 0 likes, 2 Comments

Using KQL queries to dive into dynamic arrays Azure Log Analytics
I'm running this command to break out the dynamic arrays:

    IntuneAuditLogs
    | where TimeGenerated > ago(7d)
    | extend propertiesJson = todynamic(Properties)
    | extend propertiesTargets = todynamic(propertiesJson.Targets)

But I have these arrays that appear to have these index numbers and data within them is different between each data type: How would I go about referencing each of these and their subsequent values?
26K Views, 0 likes, 4 Comments

How to configure Security Events collection with Azure Monitor Agent
Security events collection (for Windows systems only) is done with the help of a guest agent. This has been possible so far with the legacy Log Analytics agent and the Defender for Servers auto-provisioning experience, and is also possible for Microsoft Sentinel users, via the Log Analytics and Azure Monitor Agent (AMA) data connectors. However, if you are not a Sentinel user yet and you are using Defender for Servers with the new AMA experience, it is still possible to collect security events, as you will learn next.
25K Views, 6 likes, 2 Comments

Azure Active Directory error 50053
Hello to everyone, I searched my users' logs in the monitoring tab. Several of them have error 50053: The account is locked, you've tried to sign in too many times with an incorrect user ID or password. They are not blocked, connect from Europe only (while in the location there are only Asian cities), MFA is well activated on all users. Thanks in advance,
23K Views, 0 likes, 3 Comments

Querying multiple Log analytics workspace at once.
Hello folks, We’ve been in Orlando all week at Microsoft Ignite Orlando, and it has been a busy week. Today, I met with a sysadmin who wanted to know the best option to query multiple Azure Log Analytics workspaces. Let's explore the options.
22K Views, 4 likes, 5 Comments

SignInLogs are not showing in Log Analytics / Azure Monitor
I have followed the steps to create a Log Analytics workspace, and configured the Diagnostic Settings in Azure AD to send the SignInLogs and AuditLogs to Log Analytics. However, I cannot see the SignInLogs; I only see events from AuditLogs available in Log Analytics. I believe I have met the prerequisites on licensing by means of a trial of Azure AD Premium P2 license. Does anybody know why it's only sending out the AuditLogs and not the SignInLogs to Log Analytics?
21K Views, 2 likes, 27 Comments