When using Microsoft technologies in your enterprise IT stack, you have a few native options for systems monitoring and alerts. Two recent product developments — folding Operations Management Suite (OMS) functionality into Azure Monitor, as well as the release of the new SCOM 2019 — have reignited the debate to determine whether Azure Monitor can entirely replace the long standing, good-old SCOM (System Center Operations Manager).
In a way, I feel this comparison is a bit unfair, like comparing apples with oranges. Ultimately the two products can work together and overlap in order to eliminate monitoring gaps in your environment. So which monitoring solution would work the best for your enterprise? Let’s try to figure out!
This is Part Two and the final entry in our introductory blog series on Azure Sentinel, Microsoft's new Security Information and Event Management (SIEM) tool for Azure environments. Read Part One here for information on what Sentinel is, how to set it up, and how to begin importing data from your Azure PaaS and IaaS.
In Part Two, we'll examine deeper functionalities within Sentinel including Machine Learning, queries, and automation.
Azure Sentinel is Microsoft's cloud-native SIEM (Security Information and Event Management) service with built-in AI analytics. It reduces the cost and complexity to provide a single pane of glass to get central and near real-time view of your whole environment.
Threats related to infrastructure, networking, users, and applications can be monitored via Azure Sentinel. As a cloud-native service, it scales as per your needs. It collates the data from your environment on-premises, in Azure, and any third party cloud providers. It uses Microsoft Threat Intelligence to analyze all the signals and filters out the noise from actual relevant alerts.
This two part blog series will introduce you to Azure Sentinel and show you how to get set up with the service and start exploring its many features.
Whatever your cloud or virtualization platform of choice, you can implement tags on your resources in order to easily apply configuration changes or search by group.
As multi-cloud environments continue to become more and more popular and your virtual servers, storage, and associated components sprawl across various providers, efficient governance becomes even more critical.
By implementing a cloud resource tagging policy, you lay the groundwork to consistently apply automated or manual actions relating to allocation, reporting, chargeback, compliance, security, patching, software installation, and even decommissioning or scaling resources when required.
Alert Rules in Azure are a tool to let you know when some condition of your choice has occurred within any given component of your Azure infrastructure. In other words, they alert you to potential problems so you can remedy them before anything serious goes wrong.
Have you ever had the tedious task of creating multiple alerts for all of the resources in your subscription? Let me tell you, it is really time consuming to create them from scratch one by one.
I have a PowerShell Script that can Target and Create specific metric alerts for the resources you define inside of the script, making it much simpler to create a large amount of alerts at one time.
Skip down to the script if you’re familiar with Alerts already. If you aren’t here’s an overview on how they work.
Sometimes you want to trigger a specific action when something is detected by one of your alert rules inside of Azure. If you want to immediately remediate the specific issue you are facing normally you would have to login to the machine once you receive the alert, but by using an Azure Automation account you don’t have to take any additional steps to fix whatever threw the alert — just create your script and leave it to run whenever the alert is triggered. As simple as that.
This works perfectly when you need to resolve a common issue with a trusty PowerShell script that you have often used. This method will save you time and effort; you can rest assured that the issue is being taken care of with the help of a Custom Script Extension.
Running a custom script on a specific machine when an alert is triggered in Log Analytics is quite easy. Here are the following steps you need to follow to achieve this.
You may be familiar with Microsoft Operations Management Suite (OMS) — a management system that works to simplify your IT processes. Troubleshooting, change tracking, and updates are just a few common IT tasks that OMS could handle. OMS components brought together backup services, site recovery, log analytics, and automation and are available for hybrid, multi-cloud, and on-premises environments.
Microsoft deprecated OMS as of January 2019, moving all functionality into the Azure portal. Learn more about why OMS and the new Azure portal are useful for your IT workflow and what has changed with the migration to Azure.
Cloud-native automation and orchestration tools make IT administration easier — at least once you know what you’re doing. While there is also some concern among the ranks of cloud technicians that automation could lead to job losses, by mastering the tools available you make yourself more valuable, while also finding and executing on efficiencies. Cloud automation is a win-win.
But where should you begin when it comes to automating your cloud environment? There are many moving parts in an enterprise cloud deployment, even within specific application clusters.
These are the three easiest targets for automation and orchestration.
When you decide to move your Exchange environment to the cloud, you might be confused to discover that you still need to maintain an on-premises Exchange server. There are several reasons for this, stemming from the migration process and on to Identity Management.
If you’re moving from an active on-premises Exchange deployment, you’ll first configure an interim “Exchange Hybrid” environment which hosts mailboxes within Exchange Online and your local Exchange server. The two locations share namespace, address books, free-busy, calendars, really every Exchange functionality is synced between them. Mail flow and other functions appear to be internal, but might actually be processed and stored in the cloud environment.
Azure Stack enables you to run Azure workloads on-premises or even within a colocation facility, enabling stronger security and control over your data and applications with a single management platform for your public Azure cloud infrastructure and your Azure Stack deployment.
You can use many of the best Azure tools, processes, and features — including add-ons and open source solutions from the Azure Marketplace — in the cloud of your choice, helping to meet regulatory or technical challenges.
Before you get started with this intriguing hybrid and private cloud technology from Microsoft, there are a few things you’ll need to keep in mind, however. Here are some of the most important.