Azure Monitor Alerts from Azure Resource Graph

In my previous post I talked about how we can now query Azure Resource Graph data with Log Analytics. The purpose of that addition was to be able to alert on Azure Resource Graph data with Azure Monitor Alerts. In this post I’ll show exactly what you need to be able to create alerts in …

Read more

Query Azure Resource Graph from Log Analytics

Have you ever wanted to filter resources in Log Analytics by resource tags? Or wanted to query Azure Resource Graph data with a broader set of KQL? Well, do I have some news for you. Now we can query Azure Resource Graph directly from Log Analytics. I was fortunate enough to be a small part …

Read more

Azure Policy Exemptions Added to Resource Graph

Have you tried to get data on exemptions in your environment? Only to find they’re not in Azure Resource Graph, like policies, assignments and their states. Previously you would have to queried the API, which is limited to querying one subscription at a time. Not exactly “cloud scale.” Sometime in the last few weeks “microsoft.authorization/policyexemptions” …

Read more

Kusto Evaluate Operator and its Plugins

The evaluate operator is fantastic tool in your Kusto tool belt. So much so that I have requested several times that it get added to Azure Resource Graph. However, the Evaluate Operator itself won’t run anything. You have to add one of its Plugins behind it. In this post I’ll show you how to use …

Read more

Calculate WVD Profile Load Time

In my previous post I showed you how to collect and parse the FSLogix event log with Log Analytics. In this post I will show you how to use that event log to calculate WVD profile load time. Calculating logon time is one of those things that can provide value into our users experience. And …

Read more

Log Analytics Operators Has, Contains and In

Recently Log Analytics added a neat feature that allows you to see how well your queries run. Because Log Analytics Operators Has and Contains perform similar functions, some have been advising to only use the Has operator as it is the most efficient. However, Has is nice but it is not the be all and …

Read more

Azure Sentinel Syslog Workbook

I recently took a look at the Azure Sentinel Syslog Workbook, called Linux Machines. This workbook is not great, its essentially a dashboard. For me the power of Workbooks in both Azure Monitor and Azure Sentinel is hunting, whether you’re hunting threats or operational issues with your infrastructure or applications. Workbook Resources If this is …

Read more