
MD-102 Exam - Question 186


HOTSPOT


You have 1,000 computers that run Windows 10 and are members of an Active Directory domain.

You need to capture the event logs from the computers to Azure.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

Discussion

7 comments
h38jhd38k
Oct 22, 2023

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events

Merrybob
Feb 2, 2024

Log Analytics Workspaces - This is a table or DB that captures (ingests) logs and stores them so that queries can be run against them. Install the Azure Monitor Agent (previously known as the Log Analytics Agent) - This is the agent that runs on any Windows machine (on-prem or cloud) and reports back. The configuration in between the Azure Monitor Agent and a Log Analytics Workspace is defined in Data Collection Rules (DCRs). DCRs instruct the Azure Monitor Agent to push selected logs and performance counter data to a Log Analytics Workspace.

Murad01
Jan 31, 2024

Can someone explain why the second option is not: Enroll Microsoft Intune?

Merrybob
Feb 6, 2024

Azure Monitor and Log Analytics make up the monitoring solution used by various Azure-related services. To be able to extract event logs from a VM or on-prem machine, you need to install the Azure Monitor agent. The agent will report back to the Log Analytics workspace that is configured in a Data Collection Rule (DCR). From Azure Monitor you can use pre-curated 'Workbooks' to run queries against the Log Analytics Workspaces and produce results. Those results can be visualized in Azure Monitor Insights which is available within most Azure services. The pre-curated workbooks are simple to use and can be edited to create your own custom dashboard if required. You can also write your own queries using Kusto Query Language (KQL) if desired. Workflow: Virtual Machine <---> Azure Monitor Agent <---> DCR <---> Log Analytics Workspace.
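
The agent, DCR and workspace chain described in the comment above, as an added example that is not part of the thread: a data collection rule body written as a Python dict, with a check that lists which Windows event channels actually have a route to a Log Analytics workspace. The names `winEvents`, `centralWorkspace` and `collected_channels`, and the bracketed parts of the resource ID, are placeholders chosen for illustration.

```python
# Added example. Names and resource-ID parts in <...> are placeholders.
DCR = {
    "location": "<region>",
    "properties": {
        "dataSources": {
            "windowsEventLogs": [{
                "name": "winEvents",  # constructed name
                "streams": ["Microsoft-Event"],
                "xPathQueries": [
                    # Security channel: audit success and audit failure
                    "Security!*[System[(band(Keywords,13510798882111488))]]",
                    # System and Application: Critical, Error, Warning
                    "System!*[System[(Level=1 or Level=2 or Level=3)]]",
                    "Application!*[System[(Level=1 or Level=2 or Level=3)]]",
                ],
            }]
        },
        "destinations": {
            "logAnalytics": [{
                "name": "centralWorkspace",  # constructed name
                "workspaceResourceId": (
                    "/subscriptions/<subscription-id>/resourceGroups/<resource-group>"
                    "/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>"
                ),
            }]
        },
        # A data flow ties a stream to a named destination; without a
        # matching flow the events have no route to the workspace.
        "dataFlows": [
            {"streams": ["Microsoft-Event"], "destinations": ["centralWorkspace"]}
        ],
    },
}


def collected_channels(dcr):
    """Return the event channels whose stream is routed to a workspace."""
    props = dcr["properties"]
    workspaces = {d["name"] for d in props.get("destinations", {}).get("logAnalytics", [])}
    routed = set()
    for flow in props.get("dataFlows", []):
        if workspaces & set(flow.get("destinations", [])):
            routed.update(flow.get("streams", []))
    channels = set()
    for src in props.get("dataSources", {}).get("windowsEventLogs", []):
        if routed & set(src.get("streams", [])):
            # The channel name is the part of each query before "!"
            channels.update(q.split("!", 1)[0] for q in src.get("xPathQueries", []))
    return sorted(channels)
```

An empty result from `collected_channels` means the rule defines event sources but no data flow sends them to a workspace.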

yosry
Dec 17, 2023

SEEMS CORRECT

NoursBear
Jan 25, 2024

Is this actually possible for AD clients? https://learn.microsoft.com/en-us/entra/identity/monitoring-health/howto-integrate-activity-logs-with-azure-monitor-logs I thought they would need licenses and an Azure AD Registration. If someone could confirm

ClaudiuR2023
Jan 29, 2024

Hi, this is exactly what I was wondering. Found this article: https://www.sharepointeurope.com/audit-windows-ad-security-group-changes-azure-log-analytics/ It states: "Azure Log Analytics can help you to audit security breaches not only in the cloud but also in onprem Windows Active Directory environments. With this article I give you an idea on how custom views in Azure Log Analytics can help you to see changes at a glance." Therefore: Q2 - install Azure Monitoring Agent seems correct

dkkddkdkddkdkdk
Apr 1, 2024

Is it not a storage account that is needed to store the logs before they are used for consumption?

chafe
Jul 14, 2024

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-windows-client#prerequisites You must join Azure in order to install the monitor agent.