# Setup: target resource group and workspace (placeholder names; replace before running).
$rg = "x"
$ws = "y"

# Workspace resource object; its ResourceId is reused for the raw REST call further down.
$ws_res = Get-AzOperationalInsightsWorkspace -Name $ws -ResourceGroupName $rg

# Data source kinds to inventory. The cmdlet is queried once per kind,
# so every kind of interest has to be listed here explicitly.
$kinds = "AzureAuditLog,AzureActivityLog,CustomLog,LinuxPerformanceObject,LinuxSyslog,WindowsEvent,WindowsPerformanceCounter,ApplicationInsights".Split(",")

# Print the kind as a header, then emit whatever data sources exist for it.
foreach ($kind in $kinds) {
    Write-Host $kind
    Get-AzOperationalInsightsDataSource -ResourceGroupName $rg -WorkspaceName $ws -Kind $kind
}
- WindowsPerformanceCounter => Stream: Microsoft-Perf
- WindowsEvent => Stream: Microsoft-Event
- LinuxPerformanceObject => Stream: Microsoft-Perf
- LinuxSyslog => Stream: Microsoft-Syslog
- CustomLog => TBD
# Will fail. Filter by kind is mandatory.
# Kept as a demonstration: the unfiltered list request is rejected, which is why
# the data sources are enumerated per kind with the cmdlet instead.
$dataSourcesPath = $ws_res.ResourceId + "/dataSources" + "?api-version=2020-08-01"
Invoke-AzRestMethod -Method GET -Path $dataSourcesPath
The REST API spec lists all available data source kinds: https://learn.microsoft.com/en-us/rest/api/loganalytics/data-sources/list-by-workspace?view=rest-loganalytics-2023-09-01&tabs=HTTP#datasourcekind
# List the intelligence packs (solutions) known to the workspace.
Get-AzOperationalInsightsIntelligencePack -WorkspaceName $ws -ResourceGroupName $rg
- VMInsights
- => Stream: Microsoft-InsightsMetrics
- => Extension: DependencyAgent, Stream: Microsoft-ServiceMap
// Azure Resource Graph query: lists the solution resources
// (microsoft.operationsmanagement/solutions) attached to one workspace and
// annotates each with a migration Message and a documentation Link.
// "{workspaceid}" is a placeholder; presumably substituted with the workspace
// resource ID before the query runs - confirm against the caller.
resources
| where type == "microsoft.operationsmanagement/solutions"
// Lower-case the workspace resource ID so the comparison below is case-insensitive.
| extend workspace = tolower(properties.workspaceResourceId)
| parse workspace with * "/workspaces/" workspacename
| where workspace == tolower("{workspaceid}")
// Keep the part of the resource name before "("; if there is no "(" the
// parse yields an empty Solution, so fall back to the full name.
| parse name with Solution "(" *
| extend Solution = iff(isempty(Solution), name, Solution)
// NOTE(review): `!in` is case-sensitive, unlike the `in~` comparisons used
// below - confirm this exclusion matches the actual casing of the solution name.
| where Solution !in ("azureActivity")
| extend workspacename = tolower(workspacename)
// Message: case() returns the value paired with the first predicate that
// matches, so the order of the groups matters; the final argument is the default.
// NOTE(review): 'sqlAssessmentPlus' in the first group shadows the
// case-insensitive 'SQLAssessmentPlus' entry in the On-Demand Assessments group.
// NOTE(review): `in~` compares whole names; a solution named e.g.
// AntiMalwareOMS does not equal 'antimalware' and gets the default message.
// NOTE(review): several groups here (security*, antimalware, securityinsights,
// windowsFirewall, dnsAnalytics, behaviorAnalyticsInsights) relate to security
// telemetry; verify the replacement is collecting before retiring the legacy agent.
| extend Message = case(Solution in~ ('security', 'securityCenter', 'securityCenterFree', 'antimalware', 'sqlAdvancedThreatProtection', 'sqlVulnerabilityAssessment', 'sqlAssessment', 'sqlAssessmentPlus'), "Start migrating to Defender for Servers on AMA",
Solution in~ ('windowsDefenderATP'), "Migrate to latest MDE solution for Windows 10+, For Windows 8 and lower, the legacy agent based support will be deprecated by August 2024",
Solution in~ ('updates'), "Migration to Update Management Center (does not use legacy agents nor AMA)",
Solution in~ ('azureAutomation'), "Migrate to Azure Automation Hybrid Worker Extensions (does not use legacy agents nor AMA)",
Solution in~ ('changeTracking'), "Start migrating to Change Tracking on AMA",
Solution in~ ('securityinsights', 'windowsFirewall', 'windowsEventForwarding'), "Migrate to Sentinel-AMA connectors",
Solution in~ ('dnsAnalytics'), "Migrate to Sentinel-DNS-AMA connector",
Solution in~ ('vminsights', 'servicemap'), "Migrate to VM Insights on AMA",
Solution in~ ('containerInsights', 'containers'), "Already auto-migrated to AMA. Optional: Migrate to managed identity and DCRs",
Solution in~ ('infrastructureInsights'), "This has been deprecated and no longer supported.",
Solution in~ ('networkMonitoring'), "Migrate to Connection Monitor on AMA",
Solution in~ ('adAssessment','adAssessmentPlus','adSecurityAssessment','sccmAssessmentPlus','windowsServerAssessment','exchangeAssessment','azureAssessment','exchangeOnlineAssessment','windowsClientAssessmentPlus','sharePointOnlineAssessment','spAssessment','sfBOnlineAssessment','sfBAssessment','SCOMAssessmentPlus','SQLAssessmentPlus', 'SQLAssessment/SQLAssessmentPlus','DesktopAssessmentPlus','WindowsClientAssessment'), "Migrate On-Demand Assessments now to AMA",
Solution contains "Start-Stop-VM", "Migrate to the new Stop/Start VM V2 feature",
Solution in~ ('behaviorAnalyticsInsights'), "Migrate to Identify advanced threats with User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel | Microsoft Learn which does not use agents",
Solution in~ ('AzureSQLAnalytics'), "Migrate to Monitor your SQL deployments with SQL Insights (preview) - Azure SQL Database | Microsoft Learn on AMA",
Solution in~ ('agentHealthAssessment'), "Use the AMA Health workbook in the gallery instead",
Solution in~ ('logicAppsManagement','Office365', 'LogicAppB2B'), "It will work the same on AMA",
"If you plan to continue using this solution, please contact the solution owner using a support request")
// Link: same grouping as Message, mapped to a documentation URL.
// NOTE(review): 'infrastructureInsights' and 'agentHealthAssessment' have a
// Message branch but no Link branch, so they receive the default support-portal
// link; the logicApps/Office365 group deliberately maps to an empty string.
| extend Link = case(Solution in~ ('security', 'securityCenter', 'securityCenterFree', 'antimalware', 'sqlAdvancedThreatProtection', 'sqlVulnerabilityAssessment', 'sqlAssessment', 'sqlAssessmentPlus'), "https://learn.microsoft.com/en-gb/azure/defender-for-cloud/auto-deploy-azure-monitoring-agent",
Solution in~ ('windowsDefenderATP'), "https://learn.microsoft.com/en-gb/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3?view=o365-worldwide#onboarding-methods",
Solution in~ ('updates'), "https://learn.microsoft.com/en-gb/azure/update-center/",
Solution in~ ('azureAutomation'), "https://learn.microsoft.com/en-gb/azure/automation/automation-hybrid-runbook-worker",
Solution in~ ('changeTracking'), "https://learn.microsoft.com/en-us/azure/automation/change-tracking/overview-monitoring-agent",
Solution in~ ('securityinsights', 'windowsFirewall', 'windowsEventForwarding'), "https://learn.microsoft.com/en-gb/azure/sentinel/data-connectors-reference#windows-security-events-via-ama",
Solution in~ ('dnsAnalytics'), "https://learn.microsoft.com/en-gb/azure/sentinel/connect-dns-ama",
Solution in~ ('vminsights', 'servicemap'), "https://learn.microsoft.com/en-gb/azure/azure-monitor/vm/vminsights-enable-overview",
Solution in~ ('containerInsights', 'containers'), "https://learn.microsoft.com/en-gb/azure/azure-monitor/containers/container-insights-enable-existing-clusters?tabs=azure-cli#migrate-to-managed-identity-authentication",
Solution in~ ('networkMonitoring'), "https://learn.microsoft.com/en-us/azure/network-watcher/azure-monitor-agent-with-connection-monitor",
Solution contains "Start-Stop-VM", "https://learn.microsoft.com/en-us/azure/azure-functions/start-stop-vms/overview",
Solution in~ ('adAssessment','adAssessmentPlus','adSecurityAssessment','sccmAssessmentPlus','windowsServerAssessment','exchangeAssessment','azureAssessment','exchangeOnlineAssessment','windowsClientAssessmentPlus','sharePointOnlineAssessment','spAssessment','sfBOnlineAssessment','sfBAssessment','SCOMAssessmentPlus','SQLAssessmentPlus', 'SQLAssessment/SQLAssessmentPlus','DesktopAssessmentPlus','WindowsClientAssessment'), "https://learn.microsoft.com/en-us/services-hub/unified/health/migration",
Solution in~ ('behaviorAnalyticsInsights'), "https://learn.microsoft.com/en-us/azure/sentinel/identify-threats-with-entity-behavior-analytics",
Solution in~ ('AzureSQLAnalytics'), "https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-insights-overview?view=azuresql",
Solution in~ ('logicAppsManagement','Office365', 'LogicAppB2B'), "",
"https://portal.azure.com/#view/Microsoft_Azure_Support/HelpAndSupportBlade/~/overview")
// Output one row per solution, sorted by Link so solutions sharing a link sit together.
| project workspace, workspacename, Solution, Message, Link
| order by ['Link'] asc
- https://learn.microsoft.com/en-gb/azure/defender-for-cloud/auto-deploy-azure-monitoring-agent?WT.mc_id=Portal-AppInsightsExtension
- Security
- SecurityCenterFree
- SQLAdvancedThreatProtection
- SQLVulnerabilityAssessment
- https://learn.microsoft.com/en-us/azure/network-watcher/azure-monitor-agent-with-connection-monitor?WT.mc_id=Portal-AppInsightsExtension
- NetworkMonitoring
- Contact support
- AntiMalwareOMS