Category: PowerShell
-
Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.0: Overview
Introduction: Those of you familiar with my work on Log Analytics know that I have, several times across several articles, touted PowerShell's ability to pull Windows Events, including those from the Security log, which the now-old Log Analytics agent could not do. And, unfortunately, the new AMA has other…
-
PowerShell DCR Log Analytics for Windows Endpoints Part 1.5: Sample Data, Tables, DCRs, Initial Ingestion
Introduction: We have now covered what this solution does as well as its cost, at least from an ingestion standpoint. Now, we will finally be actually deploying something! In this article, we will be generating our sample data, using it to create our new tables and DCRs, granting the appropriate permissions on those DCRs, and…
-
PowerShell DCR Log Analytics for Windows Endpoints Part 1.2: Admin Inventory Overview
Introduction: Following my initial article in the series, this article will cover an overview of the Admin Inventory component of this collector / workbook with a primary focus on what this tool does for you and how the data is visualized in the workbooks. In this section we will cover… Prior Knowledge Requirement: I don’t want to…
-
PowerShell DCR Log Analytics for Windows Endpoints Part 1.0: Device Inventory Overview
Introduction: This is the start of something big. Those familiar with my work on Log Analytics probably have realized I seem to know a lot but haven’t put out a ton of useable items yet. Those familiar with the work my work is based on, that being Jan Ketil Skanke of MSEndpointMGR team and his…
-
PowerShell DCR Log Analytics for Windows 365 Monitoring Part 2.2: Sample Data, Tables, DCRs, Initial Ingestion
Let’s get right into it. Following our last post, here is how you actually set this monitoring up. This part will cover the creation of the DCRs, Tables, and initial data ingestion. Setup of the workbook as well as the true deployment of the collector scripts will come in part three. Again, I cannot possibly recommend…
-
PowerShell DCR Log Analytics for Windows 365 Monitoring Part 2.1: Overview
Introduction: Following my Log Analytics Learning Series V2, this three-part series will provide you with the resources and information to guide you through the setup of Log Analytics for monitoring a Microsoft Windows 365 (Cloud PC) environment. A big shout out to some friends on the Windows 365 team at Microsoft for helping determine what…
-
PowerShell DCR Log Analytics: Part 2.9 – Modifying the Collection Script to Ingest New Data
In the last part of this series, we took a look at how the collection script works. In this part, we will look at how you can modify it to collect a new piece of data. While I would prefer you to simply follow along, the final result script created in this guide will be SampleCollectionScriptV4.ps1 which…
-
PowerShell DCR Log Analytics: Part 2.8 – How the Collection Script Works
This post will cover how the data collection script works with a focus on the sections you would want to change in order to modify it. An example of how to modify it, along with the necessary corresponding DCR and table changes, will come later as I am trying to keep these posts less monstrously…
-
PowerShell DCR Log Analytics: Part 2.6 – Troubleshooting Upload Failures
This is something I didn’t write before that I really should have. This article will cover how to troubleshoot an upload failure. This is applicable to ANY log client script, not just the sample collection. Critical: If you (recently) altered/alter ANY of the Function App permissions either via the guide or by following the steps…
-
PowerShell DCR Log Analytics: Part 2.5 – Sample Script, DCR & Table Creation, DCR Permission, First Ingestion
Yes, this part is going to cover a lot. But, by the end of this you will actually have sample data being ingested to Log Analytics! Unfortunately, this process is one of those things that makes a lot more sense to do and then explain. This information is all based on this article from Microsoft, and…
