log analytics
Planning the Monitoring of my hybrid environment.
Hello folks, By now you may have read that I've rebuilt my demo environment to look like what a typical hybrid environment would look like. I did it slowly without having to rip and replace everything in my on-prem environment. I started out by establishing a site-to-site VPN, then a solution to remote into all the servers in my environment, configured a resilient way of resolving the names of all servers in my hybrid deployment, and lastly configured an Azure Arc Private Link Scope so that all my on-prem machines could connect to Azure using the VPN and not the open internet. Now I am looking at all the operational tasks I need to implement (monitoring/insights, patch management, change management, etc.). To support all these operational requirements, I need the common underpinning provided by the Azure Log Analytics workspace.

How to configure Security Events collection with Azure Monitor Agent
Security events collection (for Windows systems only) is done with the help of a guest agent. This has been possible so far with the legacy Log Analytics agent and the Defender for Servers auto-provisioning experience, and is also possible for Microsoft Sentinel users via the Log Analytics and Azure Monitor Agent (AMA) data connectors. However, if you are not a Sentinel user yet and you are using Defender for Servers with the new AMA experience, it is still possible to collect security events, as you will learn next.

Monitoring of the legacy applications.
Azure Monitor has made a lot of good things. And I think companies in the future may try to replace their legacy monitoring tool with Azure Monitor. I think we need more solutions to monitor the legacy applications.
- SCOM provides a lot of legacy management packs, like MPs for SharePoint, Windows Server, IIS, Skype for Business. Are there any plans to release solution packs for these?
- The O365 Solution Pack was good. I think now it's replaced with the Azure Sentinel O365 connector. AFAIK, this new connector can do things specific to security. But what about general monitoring of O365?

Querying multiple Log analytics workspace at once.
Hello folks, We've been in Orlando all week at Microsoft Ignite Orlando, and it has been a busy week. Today, I met with a sysadmin who wanted to know the best option to query multiple Azure Log Analytics workspaces. Let's explore the options.

Splitting single-tenant Microsoft Defender XDR Sentinel logs in multiple company scenarios
This article describes a simple yet effective solution to the problem of segregating Microsoft Defender XDR and Entra ID Sentinel log ingestion in a single-tenant, multiple-company scenario, leveraging Log Analytics workspace transformations and some simple KQL query statements.

Azure resource Graph integration
Are there any plans to integrate Azure Resource Graph with Log Analytics? Once the integration is available, it will be super easy to set up alerts based on resource metadata and monitoring data. Since both use the Kusto language, it should be easy to do a cross-workspace kind of query, I guess.