- Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.4: Sample Data, Tables, DCRs, Initial Ingestion
  Introduction: We have now covered what this solution does and its cost, at least from an ingestion standpoint. Now, we will finally be deploying something! In this article, we will generate our sample data, use it to create our new tables and DCRs, grant the appropriate permissions on those DCRs, and perform an initial ingestion!…
- Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.3: Configure Event Auditing and Power Settings
  As explained, the System Usage monitoring makes use of Windows Event logs for data gathering. While the Event Log has a ton of useful information by default, some events only log when enabled via an additional policy. Additionally, some won’t log at all until certain power settings are changed (See part 1.1, startup and shutdown…
- Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.2: Cost
  Introduction: Following my initial articles describing what is collected, how it is displayed, and the quirks that the collector has, this article will cover the cost of this solution. Before we start, please know that I am no Azure cost “expert.” I can point you in the right direction and provide examples, but you need…
- Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.1: Technical Details and Limitations
  Introduction: In my initial article of this series, I mentioned that there are several asterisks, footnotes, limitations, and caveats to understand with this solution. To elaborate a bit further, this article explains more about how this works, the details of the events we capture, what we don’t/can’t capture for one reason or another, and what…
- Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.0: Overview
  Introduction: For those of you familiar with my work on Log Analytics, you know that I have, at several points across several articles, touted the ability of PowerShell to pull Windows Events, including those from the Security log, which the now-old Log Analytics agent could not do. And, unfortunately, the new AMA has other…
- PowerShell DCR Log Analytics for Windows Endpoints Part 1.9: Deploying the Collector Script via Proactive Remediations
  Introduction: With your data ingesting and workbooks deployed, we are now ready to start deploying the collector via Proactive Remediations in Intune. This will likely be the final article in this series, at least for now. To be clear, I mean just the Windows Endpoints series for App/Device/Admin Inventory. There are quite a…
- PowerShell DCR Log Analytics for Windows Endpoints Part 1.8: Application Inventory Workbook
  Introduction: With your data now ingesting into Log Analytics, granted the collectors are not yet deployed, we are ready to begin setting up our workbooks to further confirm data is coming in properly. Now done with deploying your Admin Inventory and Device Inventory workbooks, let’s knock out the final one – Application Inventory. Note: It would be a good…
- PowerShell DCR Log Analytics for Windows Endpoints Part 1.7: Device Inventory Workbook
  Introduction: With your data now ingesting into Log Analytics, granted the collectors are not yet deployed, we are ready to begin setting up our workbooks to further confirm data is coming in properly. Now done with deploying your Admin Inventory workbook, let’s go ahead and do a big one – Device Inventory. Note: It would be a…
- PowerShell DCR Log Analytics for Windows Endpoints Part 1.6: Admin Inventory Workbook
  Introduction: With your data now ingesting into Log Analytics, granted the collectors are not yet deployed, we are ready to begin setting up our workbooks to further confirm data is coming in properly. I feel like starting with Admin Inventory for some reason, so let’s go ahead and get this one knocked out. Note: It would…
- PowerShell DCR Log Analytics for Windows Endpoints Part 1.5: Sample Data, Tables, DCRs, Initial Ingestion
  Introduction: We have now covered what this solution does as well as its cost, at least from an ingestion standpoint. Now, we will finally be deploying something! In this article, we will be generating our sample data, using it to create our new tables and DCRs, granting the appropriate permissions on those DCRs, and…
