Azure Stack is an extension of Azure, and as such I am dealing with it as well. You may end up in a situation where you’ve created User Subscriptions in Azure Stack and after some time you want to delete them. Before deleting them you first need to delete all the resources inside those subscriptions, but the accounts of the owners of these subscriptions are no longer available or they do not want to cooperate. In such cases you can change the owners by using PowerShell. For example, you can assign your Azure Stack Operator account as owner, log in to the subscriptions with it via the User Portal and delete the resources before deleting the subscriptions.
Continue reading “Change Owner of Azure Stack User Subscription”
Monitoring Windows service states is one of the most common requests that I’ve seen on forums, groups and blog posts. My fellow MVP and OMS expert Stefan Roth wrote a similar blog post titled OMS – Monitor Windows Services / Processes. I would suggest checking it out as well. The approach I will show is to some extent already covered in the official article that demonstrates custom fields in Log Analytics. The difference is that we now have the new rich Log Analytics search syntax, so we do not need custom fields anymore. This approach is also different from Stefan’s, as his covers a wider topic, monitoring processes by using performance counters. In this approach we will use Windows events, which Stefan mentions are not reliable, but he was referring to a specific Event Id, which I also agree is not reliable. In the next steps I will use another Event Id that is 100% reliable. The advantages of using Windows events for monitoring Windows service states are:
- Only Windows events are gathered, which results in less data uploaded compared to performance data
- You do not have to add a performance counter for each process; you only need to add one event log to monitor all services
- The services are shown with their actual name that is used in services.msc or the Get-Service cmdlet
- We have the actual state of the service when it happened
Some of the disadvantages of this method are:
- After the service is started or stopped, it will take at least 5 minutes until the data appears in Log Analytics
Continue reading “Monitoring Windows Services States with Log Analytics”
Since Ignite 2017 the Security & Compliance offering is part of the Azure Security Center (ASC) service. Because of that, some of the controls of that offering have moved to ASC, but the integration is still not complete, at least to me. In this blog post I will focus on two of the ASC settings that you should set up when you start with ASC: changing to another Log Analytics workspace and the Security Events level (filtering).
Continue reading “Tips and Tricks of Setting up Azure Security Center”
It seems the new year brings us some bad surprises in terms of security. There have been some rumors, and it has now turned out to be true, that certain processors are vulnerable to certain attacks. Yes, processors. That means a wide variety of operating systems is affected. As Microsoft puts it:
Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.
Source: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
Continue reading “Mitigate speculative execution side-channel vulnerabilities”
I’ve just released the latest version of this script, which you can find on GitHub. There is just a small fix provided by Lynne Taggart in this release. Basically, Microsoft changed the layout of their download page once again, so we needed slightly different logic to pull the MP version and publish date information.
I’ve stumbled on a great article by Brandon Wilson named Demystifying Schannel, in which he explains how we can enable verbose logging for Schannel to find out what protocols our machines are using. As I live and breathe Log Analytics and love to crunch data, I thought it would be a cool example if we could ingest that data into it and show you some cool examples of transforming data with the new query language.
Continue reading “Find if You Are Using Only TLS 1.2 Protocol with Log Analytics”
As you may have heard, Log Analytics has a new query language. When you upgrade, solutions are automatically converted to this new query language, but I wanted to provide a better experience, so I’ve updated the Storage Spaces Direct (S2D) solution.
Continue reading “Storage Spaces Direct (S2D) Management Solution for OMS V2”